Re: certificate problem
On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote: Solaris does not support the device /dev/urandom which is necessary to seed the PRNG by default. You can either install a package which emulate /dev/urandom or seed the PRNG manually by the following commands : unsigned char seed_buffer [1024] ; RAND_pseudo_byte(seed_buffer, 1024) ; RAND_seed(seed_buffer, 1024) ; ... RSA_generate_key(...) This, with all due respect, is no good advice. Depending on the platform (and maybe even compiler settings), the buffer may be memset to 0. Generating pseudo bytes from it will mix in the PID and have the pool mixed. That might look random, but finally (if somebody finds out your method), the generated keys are weak. I strongly suggest using using one of the alternative PRNG sources described in the FAQ. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Large File Support
The best advice is to rebuild the rpm packages so that these options are in the makefile. You can then upgrade your openssl packages to your new version without (hopefully) breaking other packages. Mail me off the list and I'll send you instructions. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: Andrew Cornell [mailto:[EMAIL PROTECTED]] Sent: 27 November 2001 00:03 To: openssl-users Subject: Large File Support Has anybody compiled openssl with support for large file (2Gbytes) on linux? I'm running Redhat 7.2 with openssl 0.9.6b. The standard build doesn't handle files bigger than 2G. I'm considering adding the _FILE_OFFSET_BITS=64 and and _LARGEFILE_SOURCE gcc flags into the makefile. Anybody got good advice? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Large File Support
Thanks. I was going to have go at doing it this evening - US time. Andy [EMAIL PROTECTED] 11/28/01 10:52AM The best advice is to rebuild the rpm packages so that these options are in the makefile. You can then upgrade your openssl packages to your new version without (hopefully) breaking other packages. Mail me off the list and I'll send you instructions. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: Andrew Cornell [mailto:[EMAIL PROTECTED]] Sent: 27 November 2001 00:03 To: openssl-users Subject: Large File Support Has anybody compiled openssl with support for large file (2Gbytes) on linux? I'm running Redhat 7.2 with openssl 0.9.6b. The standard build doesn't handle files bigger than 2G. I'm considering adding the _FILE_OFFSET_BITS=64 and and _LARGEFILE_SOURCE gcc flags into the makefile. Anybody got good advice? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Is it possible to run apache without only a secure connection?
Hi I am running an apache server on AIX with openssl and I was wondering if it was possible to only use the secure port 443 and turn off the non secure port 80? Thanks in advance -- Darrin Powell LSSi Corp 919.466.6803 [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
no name/value pairs found in .......
hi all, I'm using openssl via a system call, I can't make it work. On the debug console, my command line is - /usr/local/ssl/bin/openssl ca -notext -config /usr/local/CACertif/openssl.cnf -batch -key key -preserveDN -spkac /tmp/in -out /tmp/out -startdate 011127144414Z 2/tmp/ca.log - If I take a look at the log file it says - no name/value pairs found in /tmp/in - If I copy and execute the above command line, my certificate is created well. My /tmp/in file is something like - TYPE = NETSCAPE C = FR O = entrep-11 OU = etab CN = nom Email = toto UID = 11 SPKAC = MIIBQTCBqzCBnzAN..== - What do I have to set to make my system call work ? Many thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Is it possible to run apache without only a secure connection?
Hey Darrin, More for the apache list but just specify Listen 443 in your httpd.conf file and make sure that is Listen 80 is in the file it is commented out and restart the service. HTH, Harry On Wed, 28 Nov 2001, Darrin Powell wrote: Hi I am running an apache server on AIX with openssl and I was wondering if it was possible to only use the secure port 443 and turn off the non secure port 80? Thanks in advance -- Darrin Powell LSSi Corp 919.466.6803 [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Compiling for MingW32 Under Linux
I need to compile OpenSSL so that it can be used with my MingW32 cross compiler on Debian GNU/Linux. The idea is to be able to compile programs using the OpenSSL library on Linux and then run them under Windows. Any help is greatly appreciated. Ben Pharr __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL on PalmOS
On Sat, Nov 17, 2001 at 10:13:07AM +0200, Leendert Meyer wrote: However, I will need to be able to use SSL on the PalmOS. Does anyone know if I can use OpenSSL on the Palm or is there a proprietry SSL library for the Palm ? AFAIK there is no port of OpenSSL, but there is one of SSLeay: see ftp://ftp.zedz.net/pub/crypto/palmpilot/ With kind regards, Wouter Slegers Your Creative Solutions __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: certs
Leonid, The quick answer to your question is that YOU must parse the cert received from the client to determine whether s/he has access to your site or not. The use of a Verisign signed certificate, with the trusted Verisign CA cert chain contained within the OpenSSL CA cert store, simply means the received cert is signed by a trusted CA and that the SSL connection is considered trusted. See the following function descriptions to help you with cert parsing following a successful SSL connection: PeerCert = SSL_get_peer_certificate(SSL) X509_NAME_oneline(X509_get_subject_name(PeerCert, buffer, 256)) /* add code to parse buffer for the CN of the client cert and validate peer */ X509_NAME_oneline(X509_get_issuer_name(PeerCert, buffer, 256)) X509_get_notBefor(PeerCert,(struct tm*)ptrTime)) X509_get_notAfter(PeerCert, (struct tm*)ptrTime)) For additional clarity, see also the info regarding trusted cert chains and loading of a server's cert and key: SSL_CTX_load_verify_locations SSL_CTX_set_default_verify_paths SSL_CTX_use_certificate_chain_file or SSL_use_certificate_file SSL_CTX_use_PrivateKey_file or SSL_use_PrivateKey_file HTH, Rob -Original Message- From: ZILBER,LEONID (HP-NewJersey,ex1) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 28, 2001 9:41 AM To: '[EMAIL PROTECTED]' Subject: RE: certs Michael and Jonathan, Thank you for your comments. I understand that server sends a list of accessible CAs. Here is the case I don't completely understand how it works. e.g. I have 2 VeriSign Client Certs, but only 1 VeriSign cert should be valid at the protected site. Although, they are issued from the same CA, the information inside of them is a little different. The server obviously has dn of VeriSign which acceptable CA, so both certs are valid (in terms of they are issued by an valid CA), but only one cert should be VALID to enter that specific site. In your response, you said, choice must be made, arbitratry choice? Who determinites that VeriSign Cert #1 even though is issued by the valid CA, is not valid to enter this site, while VeriSign Cert #2 is a valid one. Thank you in advance. Leon -Original Message- From: Michael Sierchio [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 9:12 PM To: [EMAIL PROTECTED] Subject: Re: certs ZILBER,LEONID (HP-NewJersey,ex1) wrote: When a person browses to cert protected website a windows pops up asking to choose which certificate you would like to present, in case the person has several certs installed. Q1. When I choose a cert, how does a server determines if it is the right cert or not? Part of the SSL handshake (in the case of the server requiring client auth) involves the server sending a list of DNs of acceptable CAs. The client presents a cert signed by (or a cert chain terminating in a cert signed by) one of those CAs. If the client has more than one user cert signed by one of the acceptable CAs, a choice must be made. Q2. Is there a way to configure a server, so when a user gets to a cert protected site, server can find the correct certs automatically in the user repository, without prompting a user to choose the correct cert? The server doesn't find anything in the user repository -- it's up to the client. You can edit, presumably, the list of CAs trusted by the server to include only certs issued by your own CA, for example. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl-users@openssl.org
Title: °Ù´óǧÀïÂí ÏàÖªÔÚ°Ù´ó ;;; ;;; ;;; ;;; ;;; ;;; ;;; ;;; ;;;
Marketing your business via the Internet
Title: Online Marketing Strategies Need More Clients?Use the Internet to Find Them! Targeted E-mail Marketing Is A Proven Method For Return SalesWith a database of over 150 million targeted addresses, we can reach your potential clients anywhere in the world. Our staff creates interactive ad campaigns, specifically targeted to your client base, and designed to produce staggering responses for your business. A steady lead source can ensure that your sales team will consistently close deals.The Greatest Return On Your Marketing DollarTargeted e-mail marketing is the most effective way to reach global and local markets with a small expense compared to that of conventional marketing. Quality work and a dedicated professional staff will ensure your ad campaign to be successful. Put our educated team of marketers to work for you.Free Consultation WithMarketing Specialist!(Available 9am - 9pm PST)If your serious about your business, fill out the form below to learn more on our e-mail marketing campaigns. *Required Input FieldName* Web Address*Company Name StateBusiness Phone*Home PhoneE-mail* Type of Business Thank you for your inquiry. One of our consultants will contact you soon.If you received this e-mail in error or would like to be removed, Please Click Here. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
CRL
Dear all, I am a new user of openssl. I ve insttalled it. I succeeded in creating my own CA with its privete key using openssl shell commands. I generated a certificate using this CA. In other words, I signed it using the private key of my CA. Now I want a CRL for this CA. How can I generate/have one that contains the revoked certificates. How can I revoke them using OpenSSL? Please if anybody can help me I will be really thankful. Hafida __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Subject: [Crypt::SSLeay] compile problems on Solaris
i have solaris 8 running on an x86 machine and perl 5.6.1. i'm trying to install Crypt::SSLeay and i get the following problems... tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo perl Makefile.PL Password:Found OpenSSL (version OpenSSL 0.9.6) installed at /usr/local/sslWhich OpenSSL build path do you want to link against? [/usr/local/ssl] BUILD INFORMATION ssl dir: /usr/local/ssllibraries: -lssl -lcrypto -lgcc -lRSAglue -lrsarefinclude dir: /usr/local/ssl/includessl header: openssl/ssl.hssl candidate: /usr/local/ssl; /usr/local/ssl/include/openssl; OpenSSL 0.9.6 Note (probably harmless): No library found for -lRSAglueNote (probably harmless): No library found for -lrsarefWriting Makefile for Crypt::SSLeaytpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo makegcc -c -I/usr/local/ssl/include -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O -DVERSION=\"0.35\" -DXS_VERSION=\"0.35\" -fPIC -I/usr/local/lib/perl5/5.6.1/i86pc-solaris/CORE SSLeay.cRunning Mkbootstrap for Crypt::SSLeay ()chmod 644 SSLeay.bsrm -f blib/arch/auto/Crypt/SSLeay/SSLeay.soLD_RUN_PATH="/usr/local/ssl/lib:/usr/local/lib" gcc -G -L/usr/local/lib SSLeay.o -o blib/arch/auto/Crypt/SSLeay/SSLeay.so -L/usr/local/ssl/lib -lssl -lcrypto -lgcc chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.socp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bschmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bsManifying blib/man3/Crypt::SSLeay.3tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo make installFiles found in blib/arch: installing files in blib/lib into architecture dependent library treeInstalling /usr/local/man/man3/Crypt::SSLeay.3Writing /usr/local/lib/perl5/site_perl/5.6.1/i86pc-solaris/auto/Crypt/SSLeay/.packlistAppending installation info to /usr/local/lib/perl5/5.6.1/i86pc-solaris/perllocal.podtpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo make testPERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/i86pc-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.tt/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: relocation error: file blib/arch/auto/Crypt/SSLeay/SSLeay.so: symbol SSL_set_fd: referenced symbol not found at /usr/local/lib/perl5/5.6.1/i86pc-solaris/DynaLoader.pm line 206.at blib/lib/Crypt/SSLeay/CTX.pm line 2Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2.Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 8.Compilation failed in require at t/ssl_context.t line 3.BEGIN failed--compilation aborted at t/ssl_context.t line 3.t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00)FAILED--1 test script could be run, alas--no output ever seenmake: *** [test_dynamic] Error 2 can someone please help? thanks, terence
RE: certificate problem
Title: RE: certificate problem Lutz, Well sometimes installing additional software is not acceptable as was in my case. Do you have any other suggesstions for people like me? We ship a product that uses OpenSSL and we don't want to install 3rd party apps. While Soo Hom just wants to create certificates with the openssl tool, what would you suggest be done if programatically to generate random bytes if we cannot install a PRNG emulation package? Thanks. - Andrew -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 28, 2001 5:27 AM To: [EMAIL PROTECTED] Subject: Re: certificate problem On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote: Solaris does not support the device /dev/urandom which is necessary to seed the PRNG by default. You can either install a package which emulate /dev/urandom or seed the PRNG manually by the following commands : unsigned char seed_buffer [1024] ; RAND_pseudo_byte(seed_buffer, 1024) ; RAND_seed(seed_buffer, 1024) ; ... RSA_generate_key(...) This, with all due respect, is no good advice. Depending on the platform (and maybe even compiler settings), the buffer may be memset to 0. Generating pseudo bytes from it will mix in the PID and have the pool mixed. That might look random, but finally (if somebody finds out your method), the generated keys are weak. I strongly suggest using using one of the alternative PRNG sources described in the FAQ. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU- Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Subject: [Crypt::SSLeay] compile problems on Solaris
Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: relocation error: file blib/arch/auto/Crypt/SSLeay/SSLeay.so: symbol SSL_set_fd: referenced symbol not found at /usr/local/lib/perl5/5.6.1/i86pc-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Are your openssl libs in your LD_LIBRARY_PATH ? This could cause this error. If this is your fix, please confirm, as I'll make this an FAQ for Solaris platforms. --Josh Terence Pua wrote: i have solaris 8 running on an x86 machine and perl 5.6.1. i'm trying to install Crypt::SSLeay and i get the following problems... tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo perl Makefile.PL Password: Found OpenSSL (version OpenSSL 0.9.6) installed at /usr/local/ssl Which OpenSSL build path do you want to link against? [/usr/local/ssl] BUILD INFORMATION ssl dir:/usr/local/ssl libraries: -lssl -lcrypto -lgcc -lRSAglue -lrsaref include dir:/usr/local/ssl/include ssl header: openssl/ssl.h ssl candidate: /usr/local/ssl; /usr/local/ssl/include/openssl; OpenSSL 0.9.6 Note (probably harmless): No library found for -lRSAglue Note (probably harmless): No library found for -lrsaref Writing Makefile for Crypt::SSLeay tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo make gcc -c -I/usr/local/ssl/include -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O -DVERSION=\0.35\ -DXS_VERSION=\0.35\ -fPIC -I/usr/local/lib/perl5/5.6.1/i86pc-solaris/CORE SSLeay.c Running Mkbootstrap for Crypt::SSLeay () chmod 644 SSLeay.bs rm -f blib/arch/auto/Crypt/SSLeay/SSLeay.so LD_RUN_PATH=/usr/local/ssl/lib:/usr/local/lib gcc -G -L/usr/local/lib SSLeay.o -o blib/arch/auto/Crypt/SSLeay/SSLeay.so -L/usr/local/ssl/lib -lssl -lcrypto -lgcc chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.so cp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bs chmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bs Manifying blib/man3/Crypt::SSLeay.3 tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo make install Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Installing /usr/local/man/man3/Crypt::SSLeay.3 Writing /usr/local/lib/perl5/site_perl/5.6.1/i86pc-solaris/auto/Crypt/SSLeay/.packlist Appending installation info to /usr/local/lib/perl5/5.6.1/i86pc-solaris/perllocal.pod tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35 sudo make test PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/i86pc-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: relocation error: file blib/arch/auto/Crypt/SSLeay/SSLeay.so: symbol SSL_set_fd: referenced symbol not found at /usr/local/lib/perl5/5.6.1/i86pc-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2. Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 8. Compilation failed in require at t/ssl_context.t line 3. BEGIN failed--compilation aborted at t/ssl_context.t line 3. t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--1 test script could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
pod2html?
Hi, I'm new to openssl, and I've got a problem that I hope somebody can help me with... and yes, I checked the archives and the FAQ but to no avail. I want to convert the .pod files into something that I can deal with. The problem is that there is pod2man.pl which is all nice and well, but as I'm running Windows (and only Windows), man pages aren't much use to me. Is there a *simple* way I can convert these files into something like HTML, which I can cope with. TIA, David __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Qnx 6
Could you please test the attached patch? Index: Configure === RCS file: /e/openssl/cvs/openssl/Configure,v retrieving revision 1.226.2.30 diff -u -r1.226.2.30 Configure --- Configure 2001/11/14 10:44:13 1.226.2.30 +++ Configure 2001/11/22 14:25:07 @@ -350,6 +350,9 @@ # QNX 4 qnx4, cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:, +# QNX 6 +qnx6, cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:, + # Linux on ARM linux-elf-arm,gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), This works perfectly. I added this very small change to config to make it happen by itself. *** config.orig Fri Mar 30 10:49:08 2001 --- config Wed Nov 28 19:32:46 2001 *** *** 200,208 ;; QNX:*) ! case $VERSION in 4*) echo ${MACHINE}-whatever-qnx4 ;; *) echo ${MACHINE}-whatever-qnx --- 200,211 ;; QNX:*) ! case $RELEASE in 4*) echo ${MACHINE}-whatever-qnx4 + ;; + 6*) + echo ${MACHINE}-whatever-qnx6 ;; *) echo ${MACHINE}-whatever-qnx __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: pod2html?
Dear Sir, Perhaps if you have access to a __Unix__ box (VMWARE and another partition ?) On Thu, Nov 29, 2001 at 12:16:14AM +0100, David Somers wrote: Hi, I'm new to openssl, and I've got a problem that I hope somebody can help me with... and yes, I checked the archives and the FAQ but to no avail. I want to convert the .pod files into something that I can deal with. The problem is that there is pod2man.pl which is all nice and well, but as I'm running Windows (and only Windows), man pages aren't much use to me. Is there a *simple* way I can convert these files into something like HTML, which I can cope with. TIA, wins cat /usr/libdata/perl/5.00503/Benchmark.pm | pod2html | tail -5 /usr/bin/pod2html: -: cannot resolve Lprintf(3) in paragraph 50: no such page 'printf(3)' functionality. /BODY /HTML wins uname -a FreeBSD wins.aipo.gov.au 4.3-RELEASE FreeBSD 4.3-RELEASE #2: Wed Jul 4 19:09:37 EST 2001 [EMAIL PROTECTED]:/usr/src/sys/compile/WINS i386 wins may help. You may even find that pod2html is in the excellent Cygwin distro. David __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Stanley HopcroftIP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) [EMAIL PROTECTED] I'd love to go out with you, but my favorite commercial is on TV. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: CRL
Hi Fouta, Here is what you requested. # Generate a CRL openssl ca gencrl -crldays 15 -out ./CRL.pem # Revoking a Certificate openssl ca -revoke ./userCert.pem # NEXT Update the CRL openssl ca -gencrl -crldays 15 -out ./CRL.pem Enjoy! Fouta Hafida wrote: Dear all, I am a new user of openssl. I ve insttalled it. I succeeded in creating my own CA with its privete key using openssl shell commands. I generated a certificate using this CA. In other words, I signed it using the private key of my CA. Now I want a CRL for this CA. How can I generate/have one that contains the revoked certificates. How can I revoke them using OpenSSL? Please if anybody can help me I will be really thankful. Hafida __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- # .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ... .- # Averroes A. Aysha # Think Linux, Think Slackware! # e-fingerprint = 63:B0:7D:A1:23:BC:25:96:AE:B7:76:36:F3:07:1F:88 # .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ... .- smime.p7s Description: S/MIME Cryptographic Signature
Re: CRL
Dear Hafida, try the commad : openssl ca gencrl before that you need to revoke certificates in the index file. bye Haikel MEJRI Security Enginner National Digital Certification Agency TUNISIA On Wednesday 28 November 2001 21:33, you wrote: Dear all, I am a new user of openssl. I ve insttalled it. I succeeded in creating my own CA with its privete key using openssl shell commands. I generated a certificate using this CA. In other words, I signed it using the private key of my CA. Now I want a CRL for this CA. How can I generate/have one that contains the revoked certificates. How can I revoke them using OpenSSL? Please if anybody can help me I will be really thankful. Hafida __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PEM/ASN Questions
Hi. I'm getting myself confused with the different formats. I see the PEM functions are defined as PEM_ANS. Is PEM the equivalent of ANS or can ASN be represented in PEM format. The route of my problem is such. I am going to be getting a public key on a socket from a MS machine exported using the X509_ASN_ENCODING flag. I am assuming that this is binary data. Using a memory bio (BIO_s_mem()) I want to read this into a EVP_PKEY structure so that I can include the key into a certificate that I am creating. What function(s) would I need to use to accomplish this. What is the correct PKCS format to send the certificate back to the client? Any help appreciated Hylton smime.p7s Description: application/pkcs7-signature