ssl-j problem

2002-04-04 Thread Kaushik Bhowmik 


hi all

Please suggest a way on how we can generate certificates and key using
openssl  for client authetication with RSA SSL-j  library implementation of
SSL V3 protocol.

Please include me in cc list as i am not in openssl-users list.

thanks and regards
kaushik.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: How to add Postal code to a certificate request

2002-04-04 Thread Chandu 

Hi,
I was able to add the postal code.  But there is some problem with the Short
Name.  What should be given for the short name?  I have given ZIP and also
tried with PC.

With the above values in the request, generation of certificate request is
fine.  But when trying to enroll for a certificate in isakmp-test.ssh.fi
site, it is failing.
But when I put the Short name as OID.2.5.4.17 it accepted.

What is the correct Short name and Long name for the postal code

Regards
Suram
- Original Message -
From: Joern Sierwald <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 02, 2002 3:51 PM
Subject: Re: How to add Postal code to a certificate request


At 15:25 02.04.2002 +0530, you wrote:
>Hi,
>I have a doubt regarding the addition of postal code or PIN code or ZIP
code
>to the certificate request.
>
>How to add Postal code to a certificate request.  I tried to search for an
>NID for the postal code but could'nt found.
>
>What is the way to add the postal code to a certificate request??
>
>Regards
>Suram
>
>__
>OpenSSL Project http://www.openssl.org
>User Support Mailing List[EMAIL PROTECTED]
>Automated List Manager   [EMAIL PROTECTED]

Put it in an OID 2.5.4.17, "postal code".

The postal code should also go into line 5 of the postal address, OID
2.5.4.16.

Line 1 object's RDN
Line 2 Street address or PO box
Line 3 no default value
Line 4 Physical Delivery Office Name, State or privince name
Line 5 Postal Code
Line 6 Country Name (from the DN)

See Recommendation F.401

Use google to search for "2.5.4.17 postal code"

Jörn

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: How to add Postal code to a certificate request

2002-04-04 Thread Joern Sierwald 

At 14:25 04.04.2002 +0530, you wrote:
>Hi,
>I was able to add the postal code.  But there is some problem with the Short
>Name.  What should be given for the short name?  I have given ZIP and also
>tried with PC.
>
>With the above values in the request, generation of certificate request is
>fine.  But when trying to enroll for a certificate in isakmp-test.ssh.fi
>site, it is failing.
>But when I put the Short name as OID.2.5.4.17 it accepted.
>
>What is the correct Short name and Long name for the postal code
>
>Regards
>Suram

There is no short name. Sorry.

The OID has an ldap name "postalCode", but that's not really helpful
when dealing with just certificates.

You will have to live with the fact that all software will display your
postal code as OID.2.5.4.17=24000 or something, with
no proper name.

Jörn


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please help on stupid compile on VC++

2002-04-04 Thread Red 

Hi,

i try to link with nmake utility under prompt openssl with a mixture 
library that I took in part from Linux 2.4 because
  I hadn't them on my system and other library were standard of Visual C++ 
6.0 like stdlib.h. At finish i take these errors.

what do you suggest? I should try also with Linux stdlib.h?

Best regards and thanks in advance

Marco Puccio

this is result:

Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
cl /Fotmp32dll\hw_aep.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /O
b2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN 
-DDSO_WIN32 /Fd
out32dll /GD -D_WINDLL -D_DLL -c .\crypto\engine\hw_aep.c
hw_aep.c
.\crypto\engine\hw_aep.c(61) : error C2014: preprocessor command must start 
as f
irst nonwhite space
C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(100) : error 
C2059: s
yntax error : 'type'
C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(366) : error 
C2143: s
yntax error : missing '{' before '__cdecl'
C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(440) : error 
C2143: s
yntax error : missing '{' before '__cdecl'
.\crypto\engine\hw_aep.c(192) : error C2061: syntax error : identifier 
'recorded
_pid'
.\crypto\engine\hw_aep.c(192) : error C2059: syntax error : ';'
.\crypto\engine\hw_aep.c(192) : error C2513: '/*global*/ ' : no variable 
declare
d before '='
.\crypto\engine\hw_aep.c(468) : warning C4018: '<=' : signed/unsigned mismatch
.\crypto\engine\hw_aep.c(623) : error C2065: 'pid_t' : undeclared identifier
.\crypto\engine\hw_aep.c(623) : error C2146: syntax error : missing ';' 
before i
dentifier 'curr_pid'
.\crypto\engine\hw_aep.c(623) : error C2065: 'curr_pid' : undeclared identifier
.\crypto\engine\hw_aep.c(627) : warning C4013: 'getpid' undefined; assuming 
exte
rn returning int
.\crypto\engine\hw_aep.c(631) : error C2065: 'recorded_pid' : undeclared 
identif
ier
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.







__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Got ERROR: unable to load Netscape SPKAC structure - HELP!

2002-04-04 Thread Spiegel, Volker 
Title: Got ERROR: unable to load Netscape SPKAC structure - HELP!





Hello,


I am using Linux SuSe 7.3 with Netscape 6 (!) trying
to generate certificates request.


I have a CGI/Perl-Skript using the KEYGEN-Tag for Netscape.
The SPKAC-Request is successfully written to a file to the filesystem.


Then I tried to call openssl ca to sign the SPKAC-Request and got the
following OPENSSL-Error:


unable to load Netscape SPKAC structure 3298:error:0B081076:x509 certificate routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:92: 

What went wrong?


Using the same Perl-Skript with Netscape 4.78 everything went ok!! 
So I think openssl cannot process Netscape 6-SPKAC-Request at the moment?!


I heard that there are some problems with the formatting of the SPKAC-Request
having extra ^M or the like. But my SPKAC is ok! 


Maybe there is a bug in Netscape 6? Or in my OPENSSL? 
I am using OPENSSL 0.9.6a which is supplied with Linux SuSe 7.3.


Thank for you help,
Volker


Volker M. Spiegel
Senior Consultant
Competence Center Enterprise Trading Portals
___
entory AG - 
ein Unternehmen der Gruppe Deutsche Börse
Office Frankfurt        
Niedenau 13-19
D-60325 Frankfurt am Main
Tel. +49 (0) 69 / 97261 -373
Fax. +49 (0) 69 / 97261 -70
Mobile +49 (0) 172 / 73 95 326 
mailto:[EMAIL PROTECTED]
http://www.entory.com


This mail and any files transmitted with it is intended to be confidential and for the use of only the individual or entity named above. If the reader of this message is not the intended recipient, you are notified that retention, dissemination, distribution or copying of this mail and files transmitted with it is strictly prohibited. If you receive this mail in error, please notify us immediately by mail or phone and delete the mail and any files transmitted with it. Thank you!

We also like to inform you that communication via mail over the internet is insecure, and third parties may have the possibility to access or manipulate the mail and any files transmitted with it.

Re: Got ERROR: unable to load Netscape SPKAC structure - HELP!

2002-04-04 Thread Richard Levitte - VMS Whacker 

Volker.Spiegel> unable to load Netscape SPKAC structure 3298:error:0B081076:x509 
certificate routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:92: 
Volker.Spiegel> 
Volker.Spiegel> What went wrong?

Good question.  Someone running Netscape 6 might be able to answer
your question.  However:

Volker.Spiegel> Using the same Perl-Skript with Netscape 4.78
Volker.Spiegel> everything went ok!!  So I think openssl cannot
Volker.Spiegel> process Netscape 6-SPKAC-Request at the moment?! 
Volker.Spiegel> 
Volker.Spiegel> I heard that there are some problems with the
Volker.Spiegel> formatting of the SPKAC-Request having extra ^M or the
Volker.Spiegel> like. But my SPKAC is ok! 
Volker.Spiegel> 
Volker.Spiegel> Maybe there is a bug in Netscape 6? Or in my OPENSSL? 
Volker.Spiegel> I am using OPENSSL 0.9.6a which is supplied with Linux
Volker.Spiegel> SuSe 7.3.

Well, that's correct, line breaks in SPKAC are a problem with
OpenSSL.  Joining the lines into one isn't very difficult in perl,
however.

You could do one of two things:

- send us example SPKACs generated by Netscape 4.7x and by Netscape 6,
  so we can see for ourselves.
- check the difference yourself and see if you can find what's wrong.


A note for Opera users: Opera uses the same mechanism as Netscape, and
unfortunately generates an SPKAC with embedded newlines every 64th
character.  Those must be removed before the SPKAC can be used with
OpenSSL.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Is OpenSSL Production Ready?

2002-04-04 Thread Robert Joop 

On 02-04-03 23:04:29 CEST, Harald Koch wrote:
> dbm: style session caching does not work *WITH CLIENT CERTIFICATES*. The
> client certificate is mangled when it is loaded from the cached
> session.

it works for me.
i've got a web server
Server: Apache/1.3.17 (Unix) mod_jk mod_ssl/2.8.0 OpenSSL/0.9.6
that requires client certificates and it uses
SSLSessionCache dbm:/usr/local/apache-1.3.17/logs/ssl_scache
and i can navigate around for as long as the SSLSessionCacheTimeout
allows.

but i remember that i had to compile it myself and had use
--enable-rule=SSL_SDBM because of the standard dbm implementation's
limitation.

rj
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

a problem in BN_mod_exp

2002-04-04 Thread biswatosh chakraborty 

Hi
   While dealing on RSAKeyGen I accidentally discovered a set of numbers for 
which BN_mod_exp is giving a wrong result. I want to know whether I am wrong 
or even if my code is right, is there some limitation to BN_mod_exp?
I am interested to calculate (x^y)mod z by using BN_mod_exp(r,x,y,z) where 
the result is stored in r. I used openssl-0.9.6 downloaded from the openssl 
site two days back.
I will give here the values of x,y,z and r in hex. Could anybody please 
throw some light on the seemingly wrong result?
x = 3
y = 2DC6C0
z =

01035691B3FEC50B2AC41174CE60E220E2A33D4791F07BD4039644FE27C02617E1F50A252B6E0F4731BCD0811FB88E5C392338251EA4A63ECAA08CCC6447BC1446D0B8020D98AEE85A4BFEA2353A0268464FD68F0C4224FB011C2F3067C97E2B6C0F91D0F242D1BBACAD3C598481804420C546A0816F4CE5575F7F9B472BDD81FB1949


r = 
B6CF90E2BCC8E683FA61CEF3ABE0D2C0D226CF0F1DF29BFDDED2F17F81B60D9F939B502C078C8B995E6C231D0045D94606093963E3383911E3ED3460BBD109042AB0289CC37AA989F05B90280BBE56245AD452260EAF78D5EB22954A5681977FE06B86CA0A19730D5ABBC11F44DB7F154B74CDDACA4C7BA4AA6160A4F3E9CBB42423D36821827B13367C41759359BD37596FEF1F54AFB898D97FA124D0645E5B9FBF5F53A1207C9DA43E238AB57B7ECBF47A1A5CD5F411E8CFFBFAE0DABFE4E7290F2CD492E7C657605A6500DAE4AB6FB8E66B908D724F14EA090DC790C6C1AAF7A289844FC3642F466E42B62F1F1BCAE3A8C234A28CC76EAFB182C5DF3F93D2


And when I used  a large integer calculator and gmp library as well, I found 
that both gmp and the calculator were giving the same reult but of course 
different from ssl .ssl's output is in the varaible r ,given above.
gmp and the calculator gave the below number:

  0176B344F2A78C

Now,I went to the ssl BIGNUM code and  found that for odd modulus, it 
executes montogomery and for even it uses BN_mod_exp_simple. If you use 
simple for all cases it gives slow but correct result but montogomery seems 
to fail in case of some odd modulus like in the present case.
Any idea please?
bye

Thanks
Biswa


_
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: a problem in BN_mod_exp

2002-04-04 Thread Sean O'Riordain 

Hi Biswa,
what machine architecture are you using? ie a pentium (32-bit) or a 
usparc or alpha (64-bit) ?

cheers,
Sean

biswatosh chakraborty wrote:
> Hi
>   While dealing on RSAKeyGen I accidentally discovered a set of numbers 
> for which BN_mod_exp is giving a wrong result. I want to know whether I 
> am wrong or even if my code is right, is there some limitation to 
> BN_mod_exp?
> I am interested to calculate (x^y)mod z by using BN_mod_exp(r,x,y,z) 
> where the result is stored in r. I used openssl-0.9.6 downloaded from 
> the openssl site two days back.
> I will give here the values of x,y,z and r in hex. Could anybody please 
> throw some light on the seemingly wrong result?
> x = 3
> y = 2DC6C0
> z =
> 
> 
>01035691B3FEC50B2AC41174CE60E220E2A33D4791F07BD4039644FE27C02617E1F50A252B6E0F4731BCD0811FB88E5C392338251EA4A63ECAA08CCC6447BC1446D0B8020D98AEE85A4BFEA2353A0268464FD68F0C4224FB011C2F3067C97E2B6C0F91D0F242D1BBACAD3C598481804420C546A0816F4CE5575F7F9B472BDD81FB1949
> 
> 
> 
> 
> r = 
> 
>B6CF90E2BCC8E683FA61CEF3ABE0D2C0D226CF0F1DF29BFDDED2F17F81B60D9F939B502C078C8B995E6C231D0045D94606093963E3383911E3ED3460BBD109042AB0289CC37AA989F05B90280BBE56245AD452260EAF78D5EB22954A5681977FE06B86CA0A19730D5ABBC11F44DB7F154B74CDDACA4C7BA4AA6160A4F3E9CBB42423D36821827B13367C41759359BD37596FEF1F54AFB898D97FA124D0645E5B9FBF5F53A1207C9DA43E238AB57B7ECBF47A1A5CD5F411E8CFFBFAE0DABFE4E7290F2CD492E7C657605A6500DAE4AB6FB8E66B908D724F14EA090DC790C6C1AAF7A289844FC3642F466E42B62F1F1BCAE3A8C234A28CC76EAFB182C5DF3F93D2
> 
> 
> 
> 
> And when I used  a large integer calculator and gmp library as well, I 
> found that both gmp and the calculator were giving the same reult but of 
> course different from ssl .ssl's output is in the varaible r ,given above.
> gmp and the calculator gave the below number:
> 
>  0176B344F2A78C
> 
> Now,I went to the ssl BIGNUM code and  found that for odd modulus, it 
> executes montogomery and for even it uses BN_mod_exp_simple. If you use 
> simple for all cases it gives slow but correct result but montogomery 
> seems to fail in case of some odd modulus like in the present case.
> Any idea please?
> bye
> 
> Thanks
> Biswa
> 
> 
> _
> Join the world?s largest e-mail service with MSN Hotmail. 
> http://www.hotmail.com
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

certificate creation example

2002-04-04 Thread Howard Chan 




Hello OpenSSL experts,
 
I've been experimenting, or more like playing 
around, with Openssl on Linux.  This is what I'm trying to do with OpenSSL 
:

  create a self-signed root CA certificate 
  create a private key and then a certificate 
  request 
  use the root CA cert to sign the certificate 
  request, thereby making a user certificate 
  finally, I want to verify the cert(ie. verify 
  -CApath ___ newcert.pem)
I'm no expert at this, but this is what I did (so 
far):

  I used 'openssl req -x509 -newkey rsa:1024 -keyout 
  key.pem -out req.pem' for Step 1 above. 
  I used 'openssl req -new -key privkey.pem -out 
  cert.csr' for Step 2 above.
For Step 3 above, I tried using the 'ca' 
command but always returned an error (which is attached), saying that it could 
not find files in the ./demoCA directory.  So I created a /demoCA directory 
on my machine containing the CA cert and it's private key and the serial and 
index files.  But still, when I ran the 'ca' command the same error 
occurs.
 
I know there's a CA.pl programwhich I can 
utilize to do the cert creation...but how do I use that?  Do I need to 
compile it or anything before I can use that program?  I'm not 
sure.
 
So I don't know what to do for Step 3 (sign a cert 
request with the CA root cert).  I'm out of ideas.
 
Please enlighten me with some ideas, or correct my 
errors if you could.
 
Thanks alot.
 
Best regards,
 
H. Chan

A quick question!

2002-04-04 Thread Zamangoer, Ferruh 

Hi All, 

can anybody tell when I have install OpenSSL I can see in my openssl.conf
that there are the following settings : 



[ ca ]
default_ca  = CA_default# The default ca section


[ CA_default ]

dir = ./demoCA  # Where everything is kept
certs   = $dir/certs# Where the issued certs are kept
crl_dir = $dir/crl  # Where the issued crl are kept
database= $dir/index.txt# database index file.
new_certs_dir   = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem   # The CA certificate
serial  = $dir/serial   # The current serial number
crl = $dir/crl.pem  # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE= $dir/private/.rand# private random number file

x509_extensions = usr_cert  # The extentions to add to the cert

etc...
.
.
.
.



the directory ./demoCA doen't exist in my OpenSSL directory must I create
this Directory or he certs-dir 


thanks for help


regrards 
Ferruh 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: A quick question!

2002-04-04 Thread Brandon Amundson 

When you run CA.pl -newca this will be created for you.  You can change
demo to anything you want. Their may be another reference to demo in the
CA.pl script, I cannot remember. If so, change it their also..

Brandon

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Zamangoer, Ferruh
Sent: Thursday, April 04, 2002 8:30 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: A quick question!


Hi All, 

can anybody tell when I have install OpenSSL I can see in my
openssl.conf that there are the following settings : 



[ ca ]
default_ca  = CA_default# The default ca section


[ CA_default ]

dir = ./demoCA  # Where everything is kept
certs   = $dir/certs# Where the issued certs are
kept
crl_dir = $dir/crl  # Where the issued crl are kept
database= $dir/index.txt# database index file.
new_certs_dir   = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem   # The CA certificate
serial  = $dir/serial   # The current serial number
crl = $dir/crl.pem  # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE= $dir/private/.rand# private random number file

x509_extensions = usr_cert  # The extentions to add to the
cert

etc...
.
.
.
. 


the directory ./demoCA doen't exist in my OpenSSL directory must I
create this Directory or he certs-dir 


thanks for help


regrards 
Ferruh 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Reading encrypted RSA key with PEM_read_PrivateKey

2002-04-04 Thread Jari Lappalainen 


Hello

When I make an RSA key with

openssl genrsa -out key.pem 1024

I can read it fine with 

FILE* fp = ...;
EVP_PKEY* pkey;
pkey = PEM_read_PrivateKey(fp, 0, 0, 0);

and use pkey to sign data. If I try the same with DES3 encryption

openssl genrsa -out key.pem -des3 1024

the same code gives an error

error:0906B072:PEM routines:PEM_get_EVP_CIPHER_INFO:unsupported encryption
 
The pass phrase usage in apps/rsa.c suggests

pkey = PEM_read_PrivateKey(fp, 0, 0, "passphrase");

could work. It doesn't, but gives the same error.

Does anyone know a way read encrypted RSA keys to EVP_PKEY* variable?
Or maybe RSA keys are not meant to be used this way?

This refers to openssl-0.9.6c on a RH 7.2.

Thanks,

Jari Lappalainen
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

X509v3 Certificate Policies

2002-04-04 Thread Paul Hanrahan 



Hi,
 
I'm looking to add X509v3 Certificate Policies to a 
new CA certificate. Is there any example of certificate policy entries for an 
openssl.cnf file similar to those provied for keyusage and nsCertType ?
 
thanks
 
Paul
 
 

R: R: need help

2002-04-04 Thread Francesco Dal Bello 

I have build OpenSSL on my platform (very similar to your plat) with those steps and 
they had worked fine. 
Unpack openssl package (openssl-0.9.7-stable-SNAP-20020226 in my case) on HD (ex. 
C:\OpenSSL)
You don't have to modify anything.
Copy VCVARS32.BAT on this folder (for convenience).
Install ActivePerl (you have alredy do it).
Go to cmd session. Go to C:\OpenSSL.
> VCVARS32
> perl Configure VC-WIN32
> ms\do_ms
> nmake -f ms\ntdll.mak


Francesco
Dal Bello


-Messaggio originale-
Da: Alberto T Isais [mailto:[EMAIL PROTECTED]]
Inviato: venerdì 5 aprile 2002 0.47
A: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Oggetto: Re: R: need help


Thank you very much for attending to my needs. However, i already did that -> i ran 
VCVARS32.BAT before, still the same problem. My system is windows 2000 OS SP1, Windows 
2000 DDK, ActivePerl-5.6.1.631-MSWin32-x86, and MSVC++ 6. I opened the hw_aep.c it has 
the line #include .
 I tried to search for that file and found only one! It is in the active pearl 
directory(C:\perl\site\lib\Tk\pTk\compat). I tried to include this directory in the 
c++ environment and i receive the error messages below. i still think that this is not 
the unistd.h needed. Please help me on this one. i also included the steps i did to 
compile it. please see below.

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.

C:\>cd C:\openssl-engine-0.9.6c

C:\openssl-engine-0.9.6c>perl Configure VC-WIN32
Configuring for VC-WIN32
IsWindows=1
CC=cl
CFLAG =-DTHREADS  -DDSO_WIN32
EX_LIBS   =
BN_ASM=bn_asm.o
DES_ENC   =des_enc.o fcrypt_b.o
BF_ENC=bf_enc.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4_enc.o
RC5_ENC   =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR =
RANLIB=true
PERL  =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.

C:\openssl-engine-0.9.6c>ms\do_masm
Generating x86 for MASM assember
Bignum
DES
"crypt(3)"
Blowfish
CAST5
RC4
MD5
SHA1
RIPEMD160
RC5\32

C:\openssl-engine-0.9.6c>perl util\mkfiles.pl  1>MINFO

C:\openssl-engine-0.9.6c>rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak

C:\openssl-engine-0.9.6c>rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

C:\openssl-engine-0.9.6c>perl util\mk1mf.pl dll VC-W31-32  1>ms\w31dll.mak

C:\openssl-engine-0.9.6c>perl util\mk1mf.pl VC-WIN32  1>ms\nt.mak

C:\openssl-engine-0.9.6c>perl util\mk1mf.pl dll VC-WIN32  1>ms\ntdll.mak

C:\openssl-engine-0.9.6c>perl util\mkdef.pl 16 libeay  1>ms\libeay16.def

C:\openssl-engine-0.9.6c>perl util\mkdef.pl 32 libeay  1>ms\libeay32.def

C:\openssl-engine-0.9.6c>perl util\mkdef.pl 16 ssleay  1>ms\ssleay16.def

C:\openssl-engine-0.9.6c>perl util\mkdef.pl 32 ssleay  1>ms\ssleay32.def

C:\openssl-engine-0.9.6c>vcvars32.bat
Setting environment for using Microsoft Visual C++ tools.
C:\openssl-engine-0.9.6c>
C:\openssl-engine-0.9.6c>nmake -f ms\ntdll.mak

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h
nul
.\crypto\buildinf.h
1 file(s) copied.
copy nul+ .\crypto\opensslconf.h inc32\openssl\opensslconf.h
nul
.\crypto\opensslconf.h
1 file(s) copied.
ml /Cp /coff /c /Cx /Focrypto\md5\asm\m5-win32.obj .\crypto\md5\asm\m5-w
in32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

 Assembling: .\crypto\md5\asm\m5-win32.asm
ml /Cp /coff /c /Cx /Focrypto\sha\asm\s1-win32.obj .\crypto\sha\asm\s1-w
in32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

 Assembling: .\crypto\sha\asm\s1-win32.asm
ml /Cp /coff /c /Cx /Focrypto\ripemd\asm\rm-win32.obj .\crypto\ripemd\as
m\rm-win32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

 Assembling: .\crypto\ripemd\asm\rm-win32.asm
ml /Cp /coff /c /Cx /Focrypto\des\asm\d-win32.obj .\crypto\des\asm\d-win
32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

 Assembling: .\crypto\des\asm\d-win32.asm
ml /Cp /coff /c /Cx /Focrypto\des\asm\y-win32.obj .\crypto\des\asm\y-win
32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

 Assembling: .\crypto\des\asm\y-win32.asm
ml /Cp /coff /c /Cx /Focrypto\rc4\asm\r4-win32.obj .\crypto\rc4\asm\r4-w
in32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

 Assembling: .\crypto\rc4\asm\r4-win32.asm
ml /Cp /coff /c /Cx /Focrypto\rc5\asm\r5-win32.obj .\crypto\rc5\asm\r5-w
in32.asm
Microsoft (R) Macro Assembler Version 6.13.8204
Copyright (C) Microsoft Corp 1981-1997.  All rights rese

RE: certificate creation example

2002-04-04 Thread Brandon Amundson 
Title: Message



Howard, 
 
I 
found a pretty good write up for doing this.  Here it 
is.
 
Brandon
 
SSL 
Certificates HOWTO
 
Franck 
Martin
 
Revision 
History 
Revision 
v0.1    
2001-11-18    
Revised by: 
fm    

 
A first hand approach on how to manage a certificate authority (CA), 
andissue or sign certificates to be used for secure web, secure e-mail, 
orsigning code and other usages.
 
-Table 
of Contents1. Generalities    1.1. 
History    1.2. Introduction    1.3. What 
is SSL and what are Certificates?    1.4. What about S/Mime 
or other protocols?      2. Certificate 
Management    2.1. Installation    2.2. 
Create a Root Certification Authority Certificate.    2.3. 
Create a non root Certification Authority Certificate.    
2.4. Install the CA root certificate as a Trusted Root 
Certificate    2.5. Certificate 
management    2.6. Securing Internet 
Protocols.    2.7. Securing E-mails.   
   
 
-Chapter 
1. Generalities
 
1.1. History
 
V0.1 - Franck Martin <[EMAIL PROTECTED]>
 
Creation of the 
HOWTO-
 
1.2. Introduction
 
Dear reader, like myself you have read intensively the man pages of 
theapplications of the [http://www.openssl.org/] OpenSSL project, and 
likemyself, you couldn't figure out where to start, and how to work securely 
withcertificates. Here is the answer to most of your questions.
 
This HOWTO will also deal with non-linux applications, as there is no use 
toissue certificates if you can't use them... May be all applications won't 
belisted here, but please send me additional paragraphs and corrections. I 
canbe reached at the following address:[mailto: [EMAIL PROTECTED]][EMAIL PROTECTED].-
 
1.2.1. Disclaimer and Licence
 
This document is distributed in the hope that it will be useful, but 
WITHOUTANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 
FITNESSFOR A PARTICULAR PURPOSE.
 
In short, if the advises given here break the security of your 
e-commerceapplication, then tough luck- it's never our fault. Sorry.
 
Copyright (c) 2001 by Franck Martin and others from the openssl-users 
mailinglist under GFDL (the [http://www.gnu.org/] GNUFree Documentation 
License).
 
Please freely copy and distribute (sell or give away) this document in 
anyformat. It's requested that corrections and/or comments be forwarded to 
thedocument maintainer. You may create a derivative work and distribute 
itprovided that you:
 
 1. Send your derivative work (in the most suitable format such as 
sgml) to    the LDP (Linux Documentation Project) or the like 
for posting on the    Internet. If not the LDP, then let the 
LDP know where it is available.    2. License the 
derivative work with this same license or use GPL. Include 
a    copyright notice and at least a pointer to the license 
used.    3. Give due credit to previous authors and major 
contributors. If you're    considering making a derived work 
other than a translation, it's    requested that you discuss 
your plans with the current maintainer.   
 
It is also requested that if you publish this HOWTO in hardcopy that you 
sendthe authors some samples for 'review purposes' :-). You may also want to 
sendsomething to cook my noodles 
;-)-
 
1.2.2. Prior knowledge
 
As indicated in the introduction, this documents is an hand-on HOWTO, and 
itis therefore required that you consult the man pages of the OpenSSL 
software,as well as to read security books to learn how your security could 
becompromised. As certificates are meant to increase the security of 
yourtransactions, it is VERY important that you understand all the 
securityimplications of your actions and what security OpenSSL does not 
provide.-
 
1.3. What is SSL and what are Certificates?
 
The Secure Socket Layer protocol was created by Netscape to ensure 
securetransactions between web servers and browsers. The protocol use a 
thirdparty, a Certificate Authority (CA), to identify one end or both end of 
thetransactions. This is in short how does it work.
 
 1. A browser request a secure page (usually 
https://).    2. The web server send its public key with 
its certificate.    3. The browser check that the 
certificate was issued by a trusted party    (us-ally a 
trusted root CA), that the certificate is still valid and 
that    the certificate is related to the site 
contacted.    4. The browser then use the public key, to 
encrypt a random symmetric    encryption key and sends it to 
the server with the encrypted URL re

AW: A quick question!

2002-04-04 Thread Zamangoer, Ferruh 

Thanks Brandon for your reply.

-Ursprüngliche Nachricht-
Von: Brandon Amundson [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 4. April 2002 16:19
An: [EMAIL PROTECTED]
Betreff: RE: A quick question!


When you run CA.pl -newca this will be created for you.  You can change
demo to anything you want. Their may be another reference to demo in the
CA.pl script, I cannot remember. If so, change it their also..

Brandon

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Zamangoer, Ferruh
Sent: Thursday, April 04, 2002 8:30 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: A quick question!


Hi All, 

can anybody tell when I have install OpenSSL I can see in my
openssl.conf that there are the following settings : 



[ ca ]
default_ca  = CA_default# The default ca section


[ CA_default ]

dir = ./demoCA  # Where everything is kept
certs   = $dir/certs# Where the issued certs are
kept
crl_dir = $dir/crl  # Where the issued crl are kept
database= $dir/index.txt# database index file.
new_certs_dir   = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem   # The CA certificate
serial  = $dir/serial   # The current serial number
crl = $dir/crl.pem  # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE= $dir/private/.rand# private random number file

x509_extensions = usr_cert  # The extentions to add to the
cert

etc...
.
.
.
. 


the directory ./demoCA doen't exist in my OpenSSL directory must I
create this Directory or he certs-dir 


thanks for help


regrards 
Ferruh 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

how to reissue certificate

2002-04-04 Thread Sarath Chandra M 

Hi,
I am using openssl in linux. I hav a default configuration.
I created a selfsigned CA certificate and some user certificates.
There is some problem with one of the certificates as I am unable
to import it in internet explorer. Now I would like to reissue
certificates to this user. But the entry will be in index.txt.
How can I create another certificate for this user ? If I create a CRL
and revoke this user certificate, will I be able to issue a new one for
the same user without any problem ? Kindly guide me for this issue.

regards
Sarath Chandra M

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Compatibility with Crypt::DES

2002-04-04 Thread Nick Roberts 

Hi,

I'm trying to use the openssl libraries to decrypt text encrypted using
perl's Crypt::DES module without success. After failing using CBC, I've
switched to a simple 8 byte block encrypted with des_ecb_encrypt and this
still produces different cipher text. Which presumably means the problem
lies with the key ? I take a hardcoded 8 byte key and use des_string_to_key
and then create a des_key_sched prior to doing the encryption.

Does anyone have any suggestions or any experience of using perl / openssl
together just for DES as opposed to complete SSL communication ?

thanks
Nick Roberts


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compatibility with Crypt::DES

2002-04-04 Thread Joern Sierwald 

At 11:46 04.04.2002 -0500, you wrote:
>Hi,
>
>I'm trying to use the openssl libraries to decrypt text encrypted using
>perl's Crypt::DES module without success. After failing using CBC, I've
>switched to a simple 8 byte block encrypted with des_ecb_encrypt and this
>still produces different cipher text. Which presumably means the problem
>lies with the key ?

Right you are, sir.

>  I take a hardcoded 8 byte key and use des_string_to_key
>and then create a des_key_sched prior to doing the encryption.

Err, why do you call des_string_to_key in the first place?
It expects a zero-terminated string. And calls strlen() for it.

Maybe you are not aware that you just put your 8 bytes in a des_cblock.
With memcpy or something.

>Does anyone have any suggestions or any experience of using perl / openssl
>together just for DES as opposed to complete SSL communication ?
>
>thanks
>Nick Roberts

Jörn

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

help w/ compiling openssl on Darwin Mac OS X

2002-04-04 Thread Zoltan Milosevic 

Hello all,

I have downloaded openssl-0.9.6c.tar.gz and then ran "./config; make clean;
make".  It sat there and compiled for a long long time but then finished
with:

...
_ASN1_UTCTIME_cmp_time_t
_X509_email_free
_X509_get1_email
_MD4
_ftime
_X509_NAME_print_ex
_d2i_PUBKEY_bio
make[1]: *** [openssl] Error 1
make: *** [sub_all] Error 1
[localhost:zoltan/tmp/openssl-0.9.6c] root#

Apparently this is an error but I have no idea of how to fix it.  I tried
compiling a couple of times but it always stopped in the same place.  Does
anyone have any ideas on how to fix this?  Are there pre-compiled binaries
available for Darwin???

Thanks,
Zoltan Milosevic
http://www.xav.com/


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

installing on solaris using GNU C

2002-04-04 Thread Thorson, Ronald T. 

I've downloaded the openssl-engine-0.9.6c.tar.gz extracted contents...after
running the sh config command the make results in errors of invalid options:
-KPIC -Xa -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa
I'm using version 2.95.3 20010315 (release) of the GNU GCC compiler...any
suggestions would be appreciated.

Ron Thorson
Chief Computer Scientist
SAIC
Center for Advanced Information Technology
Office:(858)826-4069
Cell:(858)735-8467
Fax:(858)826-5617

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL X IE browsers 56/40 bits (COULD NOT MAKE A SSL SESSION)

2002-04-04 Thread Luis Felipe Motta 




I'm experiencing some troubles installing a 
server certificate with 128 bits encription. When I'm accessing the website 
common name with an IE browser with 128 bits encription the SSL works nicely. 

 
BUT when the website common name is 
accessed by an IE with 40 bits or 56 bits encription the SSL conection is ONLY 
made when I modify my browser configuration disabling the options SSL 3.0 and 
TLS 1.0 and only then it conects with low criptography.
 
My O/S is HP-UX with OpenSSL 
0.9.6
 
My ciphersuite is : 
 
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP 
I hope you guys can help me, because my dead line is 
coming and I've already search in a lot of mailing lists and didn't get any 
answer from no one.
 
Luis Felipe 
Motta

FTP with SSL

2002-04-04 Thread Pooleery, Manoj 

Hi,

I am using the OpenSA web server for my application(which has OpenSSL along
with Apache).  I am having problems configuring an FTP server to work along
with OpenSSL.  With http, the FTP server works fine, but when I use https,
the FTP server is unable to serve files.  Has anyone came across such a
situation before?  Can anybody tell me if I am doing something wrong?

Thanks
Manoj.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: FTP with SSL

2002-04-04 Thread jaltman 

> Hi,
> 
> I am using the OpenSA web server for my application(which has OpenSSL along
> with Apache).  I am having problems configuring an FTP server to work along
> with OpenSSL.  With http, the FTP server works fine, but when I use https,
> the FTP server is unable to serve files.  Has anyone came across such a
> situation before?  Can anybody tell me if I am doing something wrong?
> 
> Thanks
> Manoj.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 

Why would an FTP server be involved in serving your files via HTTP?



 Jeffrey Altman * Sr.Software Designer  C-Kermit 8.0 available now!!!
 The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
 http://www.kermit-project.org/ secured with Kerberos, SRP, and 
 [EMAIL PROTECTED]OpenSSL. Interfaces with OpenSSH
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: FTP with SSL

2002-04-04 Thread Magnus Kulke 

On Thursday 04 April 2002 21:12, Pooleery, Manoj wrote:
> Hi,
>
> I am using the OpenSA web server for my application(which has OpenSSL along
> with Apache).  I am having problems configuring an FTP server to work along
> with OpenSSL.  With http, the FTP server works fine, but when I use https,
> the FTP server is unable to serve files.  Has anyone came across such a
> situation before?  Can anybody tell me if I am doing something wrong?
>
> Thanks
> Manoj.

secure ftp isn't very advanced yet. there's no rfc of ssl/tls-ftp yet, only a 
draft. which ftp-server are you using? as far as i know very few ftp-servers 
have secure ftp implemented yet. glftpd is one of them (www.glftpd.com).

magnus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: FTP with SSL

2002-04-04 Thread Pooleery, Manoj 

Let me put it this way : I am using Java as the development platform.  From
withinside a servlet, if I redirect my response to FTP, if the program is
running using http, the redirection works.  But if it is ran using https,
the redirection fails.  Any possible reason?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 2:24 PM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: Re: FTP with SSL


> Hi,
> 
> I am using the OpenSA web server for my application(which has OpenSSL
along
> with Apache).  I am having problems configuring an FTP server to work
along
> with OpenSSL.  With http, the FTP server works fine, but when I use https,
> the FTP server is unable to serve files.  Has anyone came across such a
> situation before?  Can anybody tell me if I am doing something wrong?
> 
> Thanks
> Manoj.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 

Why would an FTP server be involved in serving your files via HTTP?



 Jeffrey Altman * Sr.Software Designer  C-Kermit 8.0 available now!!!
 The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
 http://www.kermit-project.org/ secured with Kerberos, SRP, and 
 [EMAIL PROTECTED]OpenSSL. Interfaces with OpenSSH
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: FTP with SSL

2002-04-04 Thread Jeffrey Altman 


> secure ftp isn't very advanced yet. there's no rfc of ssl/tls-ftp yet, only a 
> draft. which ftp-server are you using? as far as i know very few ftp-servers 
> have secure ftp implemented yet. glftpd is one of them (www.glftpd.com).
> 

There are many servers that have TLS FTP support.  See 

  http://www.kermit-project.org/ftpd.html

for one list.  



 Jeffrey Altman * Sr.Software Designer  C-Kermit 8.0 available now!!!
 The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
 http://www.kermit-project.org/ secured with Kerberos, SRP, and 
 [EMAIL PROTECTED]OpenSSL. Interfaces with OpenSSH
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Is OpenSSL Production Ready?

2002-04-04 Thread Michael Kobar 

--- Brian Panulla <[EMAIL PROTECTED]> wrote:
> Does anyone actually use OpenSSL for a production,
> business operation? 
>
Yes we do.  We have several commercial products which use OpenSSL for SSL, RSA key and 
X.509 certificate generation and encryption.  We have been using it since SSLeay days 
and have seen significant improvement under the management of the OpenSSL Development 
team, and the huge traffic on the mailing lists.

We have used Consensus SSLplus, RSA BSAFE, and Baltimore KeyTools and have found 
OpenSSL no harder to use.  The one facet of OpenSSL which is both the best and worst 
of worlds is the availability of multiple levels of APIs.  Yea, open source.  It is a 
lot to swallow, especially for a beginner crypto programmer.

And we are not the only ones.  Stronghold is the famous commercial product using both 
Apache and OpenSSL.

Perhaps OpenSSL.org should accept and post commercial product  names and/or start a 
voluntary "OpenSSL Inside" type branding program (like the "powered by Apache" logo).

Mike


Michael Kobar   [EMAIL PROTECTED]
Software Engineer   860.434.4018
Lymeware Corporation801.383.9021 fax
www.lymeware.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL X IE browsers 56/40 bits (COULD NOT MAKE A SSL SESSION)

2002-04-04 Thread Luis Felipe Motta 




I'm experiencing some troubles installing a 
server certificate with 128 bits encription. When I'm accessing the website 
common name with an IE browser with 128 bits encription the SSL works nicely. 

 
BUT when the website common name is 
accessed by an IE with 40 bits or 56 bits encription the SSL conection is ONLY 
made when I modify my browser configuration disabling the options SSL 3.0 and 
TLS 1.0 and only then it conects with low criptography.
 
My O/S is HP-UX with OpenSSL 
0.9.6
 
My ciphersuite is : 
 
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP 
I hope you guys can help me, because my dead line is 
coming and I've already search in a lot of mailing lists and didn't get any 
answer from no one.
 
P.S.: could someone answer me through my personal email : [EMAIL PROTECTED] or [EMAIL PROTECTED], because I 
didn't saw my message in the archives...so I'm afraid no one is seeing my 
questions
 
Luis Felipe 
Motta