Re: Certificate as license ? (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certs not working through Java (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate as license ? (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
someone in the UK phone Andy pls
and tell him to phone someone at his company to disable his auto-response thingy. Otherwise we are going to end up with hundreds of these things...!! Thanks Jose -- --- This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. -- --- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certs not working through Java (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate as license ? (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: someone in the UK phone Andy pls (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Help understanding
Does any one ran Apache with a FIPS(3DES in perticular) complient SSL libs? If so, where can we get these libs (vendor or free versions). Regards Krishna __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certs not working through Java (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: someone in the UK phone Andy pls
On Thu, 12 Sep 2002 16:59:17 +0200, Jose Correia (J) wrote: and tell him to phone someone at his company to disable his auto-response thingy. Otherwise we are going to end up with hundreds of these things...!! yeah, it's really annoying. aleix __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate as license ? (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: someone in the UK phone Andy pls
Or how about un-subscribing him? At 04:59 PM 9/12/2002 +0200, Jose Correia (J) wrote: and tell him to phone someone at his company to disable his auto-response thingy. Otherwise we are going to end up with hundreds of these things...!! Thanks Jose -- --- This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. -- --- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: someone in the UK phone Andy pls
Just Spoke to Andy.. (apparently someone has already SMS'ed him) So he is aware of the situation Unfortunately he is away from his desk[sic] but will get someone to sort it out ASAP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jose Correia (J) Sent: 12 September 2002 15:59 To: [EMAIL PROTECTED] Subject: someone in the UK phone Andy pls and tell him to phone someone at his company to disable his auto-response thingy. Otherwise we are going to end up with hundreds of these things...!! Thanks Jose -- --- This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. -- --- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate as license ? (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: someone in the UK phone Andy pls (Out of Office)
I will not be able to check emails until Monday 16 September. Please call me on +44 773 663 6817. Andy __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Fw: RE: someone in the UK phone Andy pls
Begin forwarded message: Date: Thu, 12 Sep 2002 16:30:13 +0100 From: Andy Schneider [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: someone in the UK phone Andy pls Have just text'ed Andy's mobile. Aleix - can you fwd to openssl-users if it doesn't appear on the mail list since this e-mail will be in HTML. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
coalesced data.
hi, the specification of ssl says that in the record layer messages can get coalesced. But i did not see this happening in my test program. my test program had one server and one client. the server after accepting connection reads 16 kb of data at a time. The client sends two messages both more than 16 kb in size but not multiple of it. The messages are written one after the other simulteneously. If it get coalesced then while reading the second part of the first message should also contain some of the first part of the second message like what happends in normal tcp. Is this behaviour normal. I could not find any document which says this is guaranteed that the messages wont coalesce. Could anyone clear my doubt please. thanks,Kaushik Vishwakarma Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.comBuy Music, Video, CD-ROM, Audio-Books and Music Accessories from http://www.planetm.co.inChange the way you talk. Indiatimes presents "Valufon", Your PC to Phone service with clear voice at rates far less than the normal ISD rates. Go to http://www.valufon.indiatimes.com. Choose your plan. BUY NOW.
Re: coalesced data.
kaushik_vishwakarma [EMAIL PROTECTED] writes: [1 text/plain; us-ascii (7bit)] hi, the specification of ssl says that in the record layer messages can get coalesced. But i did not see this happening in my test program. my test program had one server and one client. the server after accepting connection reads 16 kb of data at a time. The client sends two messages both more than 16 kb in size but not multiple of it. The messages are written one after the other simulteneously. If it get coalesced then while reading the second part of the first message should also contain some of the first part of the second message like what happends in normal tcp. Is this behaviour normal. I could not find any document which says this is guaranteed that the messages wont coalesce. Could anyone clear my doubt please. While SSL CAN coalesce data, in general implementations don't coalesce user writes, in order to avoid confused programmers :) -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: someone in the UK phone Andy pls
C'mon give the guy a break. It's an innocent mistake and could happen to anybody. He said he will take care of the problem so just leave him alone for a while. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 12, 2002 11:24 AM Subject: RE: someone in the UK phone Andy pls No answer right now - I left hime a text messsage. Colin -Original Message- From: CorreiJ [SMTP:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 3:59 PM To: openssl-users Subject: someone in the UK phone Andy pls and tell him to phone someone at his company to disable his auto-response thingy. Otherwise we are going to end up with hundreds of these things...!! Thanks Jose -- --- This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. -- --- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: coalesced data.
Data may be coalesced. It does not HAVE to happen but it MAY happen. Note that TCP does not preserve record boundaries: two writes may end up being read in three parts, e.g. What you're seeing is just a circumstance of your network setup. No guarantees. /r$ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: coalesced data.
Rich Salz [EMAIL PROTECTED] writes: Data may be coalesced. It does not HAVE to happen but it MAY happen. Note that TCP does not preserve record boundaries: two writes may end up being read in three parts, e.g. What you're seeing is just a circumstance of your network setup. No guarantees. Sort of. SSL's record boundaries are generally controlled by the toolkit on either end and don't depend much on the network. Here's a *very* rough overview of the situation as it applies to most implementations: (1) If you call write and don't get an error, it's generally safe to assume that the data will be written to the network. Because the SSL impl is in the app layer, this generally means that each write turns into one or more records. [0] Records are almost never coalesced on write. [1] (2) If you call read, you generally get the smaller of of (a) the size of the record you're reading (b) the size of the buffer you passed in. More detail on this can be found in SSL and TLS chapter 8. -Ekr [0] In TCP writes, the kernel is able to asynchronously flush the buffers but this is inconvenient with application level code unless you have some other thread to handle network flushes. [1] In some implementations, you can add buffering BEFORE the SSL code, but this is a different story. -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certs not working through Java
Jose Correia (J) wrote: Hi all I was wondering if anyone has integrated client authentication through Java but on a b2b manner (i.e. without using a browser as the client but rather making use of the .keystore generated by the Java keytool application). Since this list is not java related, I don't want to offend anyone here by describing java related issues. If anyone is willing to share their experience I would rather then start/continue the conversation off list. Well, this reply is half related to OpenSSL, so here goes... My group is building an application in which the server is implemented in C with OpenSSL and clients could be Java, C, or whatever. The initial client was attempted in Java (1.4) with the built-in JSSE. We were unable to get client-side authentication to work, and the proprietary certificate format used by the keytool program added an extra conversion step. Eric Rescorla suggested that I investigate the PureTLS Java SSL implementation that he did under contract with Claymore Systems. In short, it works. The PureTLS API is more sensible, from the point of view of someone familiar with OpenSSL. Both clients and servers can authenticate themselves with certificates that are stored in standard format. The only glitch was that PureTLS does not compile with the 1.4 JDK and our client uses some Swing features that are only in 1.4. It turns out that PureTLS can be built under the 1.3 JDK and the resulting class files work fine with classes compiled under 1.4. The OpenSSL stuff on the server side is modelled closely after Eric's sample code and gave no problems at all. Paul Allen -- Boeing Phantom Works \ Paul L. Allen, (425) 865-3297 Math Computing Technology \ [EMAIL PROTECTED] POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Compiling on VMS with C++ 6.0
In message 5.1.0.14.2.20020906114151.00a4e6b0@interjet on Fri, 06 Sep 2002 11:49:36 +0200, Peter Aben [EMAIL PROTECTED] said: petera One of our customers uses the DEC C++ (6.0) compiler on VMS. Our code petera (which uses OpenSSL functions) has to be linked to the customer's software. petera After customizing the makefile, we have tried to compile the OpenSSL petera toolkit with the C++ compiler, but there are a lot of typecast problems, petera and perhaps other kinds of problems we don't know yet. petera We could port the OpenSSL source file by file, but we don't like that petera solution, because we have to do it all again in case of an OpenSSL update. Sorry that I didn't respond earlier. I'm currently on vacation in the US, and the connectitivies available to me have been horrible. About making changes to the source, perhaps you could share your changes with us and they might become part of the source in the next version? Also, it could be good to know what version you're talking about. Our main development is currently in 0.9.7 (in beta) and 0.9.8 (in development). petera I thought of a few possible (?) solutions (sorry if it's nonsense): petera - taking our objects/libraries (compiled with our ANSI C compiler) to the petera customer and try to link it there petera - perhaps there are compiler options which will make compilation possible petera - install a ANSI C compiler (GNU) at the customer's site to make it work Of all those solutions, it looks like the first is the simplest. It's the one I'd choose, especially in when in a hurry. OpenSSL has never been fully built with GNU C on VMS. I skipped diong that because GNU C on VAX and GNU C on Alpha differ (!) (or did at the time I looked), and at the time, the Alpha port was under heavy development. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
DSA private key ASN.1
Hello openssl users: Which document/standard specifies the format of a DSA private key? DSA_private_key = { version, p, q, g, y, x } This is how the openssl dsa library reads/writes it so there must be a basis. I've looked at FIPS186-2 but it doesn't show the ASN.1 anywhere. Thanks in advance. -Fiel __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
read_ahead=FALSE but pending data
I've problem with pending data ! I've not set the read ahead flag ( SSL_get_read_ahead() ==FALSE ) but after used SSL_read() I have pending data (SSL_pending() 0). Is it normal ? PS: ssl is in non-blocking mode. Thanks Alain. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]