Basic doubt about certificates
Hi all,

I have a basic doubt about certificates. How are the certificates classified? One way is based on the public key in the certificates. That leads to RSA and DSS certificates. Is there any way to classify certificates based on the use? Maybe like SSL, TLS etc. Where can I get complete information about these details?

Awaiting your valuable response. Thanks in advance.

Regards,
Suram
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Tunneling Client Certs
I have posted a similar message earlier. Hoping to convey myself better and get some help this time around.

I have the following scenario - Client Cert -- Tunnel Server - Tunnel Client -- Backend server. The requirement is to pass the Client Cert to the Backend server.

I could extract the Client Cert at the Tunnel Server. Tunnel Server and Tunnel Client reside in the same program on a machine, hence Tunnel Server can pass on Client Cert to Tunnel Client without much ado.

Now in my Tunnel Client program, I use SSL_use_certificate(ctx, X509*). The X509* pointer contains the Client Cert which the Tunnel Server has just extracted. But then I don't have the private key for the Client Cert at the Tunnel Client. Hence I could not do a SSL_CTX_use_PrivateKey(ctx,...) at the Tunnel Client.

My question is, is it possible to just give a Cert for an SSL connection (like giving SSL_use_certificate()) without a corresponding SSL_use_PrivateKey(..) call made, and expect SSL to somehow generate its own keys but take our certificate?

with thanks
rsr.

Namaste,
R S Chandrasekhar
[EMAIL PROTECTED]
ISD : 091-080-2051166
Telnet : 847-1166
Re: Basic doubt about certificates
Suram Chandra Sekhar wrote:

> How are the certificates classified? One way is based on the public key in the certificates. That leads to RSA and DSS certificates. Is there any way to classify certificates based on the use? Maybe like SSL, TLS etc. Where can I get complete information about these details?

http://www.ietf.org/rfc/rfc3280.txt

Look for Key Usage and Extended Key Usage

Andrew
Re: Tunneling Client Certs
On Sat, Feb 08, 2003, Chandrasekhar R S wrote:

> I have posted a similar message earlier. Hoping to convey myself better and get some help this time around.
>
> I have the following scenario - Client Cert -- Tunnel Server - Tunnel Client -- Backend server. The requirement is to pass the Client Cert to the Backend server.
>
> I could extract the Client Cert at the Tunnel Server. Tunnel Server and Tunnel Client reside in the same program on a machine, hence Tunnel Server can pass on Client Cert to Tunnel Client without much ado.
>
> Now in my Tunnel Client program, I use SSL_use_certificate(ctx, X509*). The X509* pointer contains the Client Cert which the Tunnel Server has just extracted. But then I don't have the private key for the Client Cert at the Tunnel Client. Hence I could not do a SSL_CTX_use_PrivateKey(ctx,...) at the Tunnel Client.
>
> My question is, is it possible to just give a Cert for an SSL connection (like giving SSL_use_certificate()) without a corresponding SSL_use_PrivateKey(..) call made, and expect SSL to somehow generate its own keys but take our certificate?

No, because certificates are meant to be public objects and private keys are, erm, private.

If you could do that then anyone who had access to a certificate (for example the recipient of signed email) could impersonate the sender or read all their encrypted mail, not to mention impersonating all the public CAs.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
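The reasoning in the reply above, modelled as an added example that is not part of the thread and does not use OpenSSL's API: in client authentication the peer must sign the current handshake with the private key matching the certificate, so holding only the certificate is not enough. Assumptions: textbook RSA without padding on constructed toy keys, a dict standing in for an X.509 certificate, and hypothetical function names and nonces.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, transcript):
    n, d = private_key
    return pow(digest(transcript, n), d, n)

def backend_accepts(cert, transcript, signature):
    """Backend check: the signature over this handshake must verify
    under the public key in the presented certificate."""
    if signature is None:  # peer presented a cert but cannot sign
        return False
    n, e = cert["public_key"]
    return pow(signature, e, n) == digest(transcript, n)

def make_transcript(cert, nonce):
    # Binds the signature to one handshake via the verifier's fresh nonce.
    return cert["subject"].encode() + b"|" + nonce

def demo():
    # Constructed keys: Mersenne primes, far too small/structured for real use.
    client_pub, client_priv = make_keypair(2**127 - 1, 2**89 - 1)
    _, tunnel_priv = make_keypair(2**107 - 1, 2**61 - 1)
    cert = {"subject": "CN=client", "public_key": client_pub}  # public object

    to_tunnel = make_transcript(cert, b"nonce-from-tunnel-server")
    to_backend = make_transcript(cert, b"nonce-from-backend")
    client_sig = sign(client_priv, to_tunnel)  # what the tunnel server saw
    return {
        "client_to_tunnel": backend_accepts(cert, to_tunnel, client_sig),
        "cert_only": backend_accepts(cert, to_backend, None),
        "tunnel_own_key": backend_accepts(
            cert, to_backend, sign(tunnel_priv, to_backend)),
        "replayed_sig": backend_accepts(cert, to_backend, client_sig),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case succeeds: the real client signing toward the tunnel server. The tunnel presenting the certificate alone, signing with its own key, or replaying the client's earlier signature is rejected by the backend.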
win32 development; something to share
I think I've been able to build SSL support into my pop3 mail client (JBMail) for Windows. I thought I'd share a couple things that might be useful for win32 software developers.

http://www.pc-tools.net/beta/jbmail/ (See the latest beta version zip file posted there).

Inside: ssltool.exe is based on the demo SSL client program from OpenSSL and can be used to verify that SSL DLL functions can be loaded (run-time dynamic linking), and also connects to a host and returns the SSL particulars.

The two DLLs were built from OpenSSL using MS VC++ and MASM. Feel free to use if you want. They're not 0.9.7 unfortunately.

It appears that UPX compressed OpenSSL DLLs work quite well :) http://upx.sourceforge.net/
EVP_VerifyFinal()
What is the correct way to convert a DSA key struct into a u_char buffer for use with EVP_VerifyFinal()? Is there a generic way to do this regardless of the signature key algorithm? The value of the EVP interface seems lost if I have to call different key preparation functions depending on algorithm used for the signature.

--
Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp