Re: Missing header on creating smime
--- Dr. Stephen Henson [EMAIL PROTECTED] wrote:

> > What needs to be done to add that header as default on openssl smime
> > command?
>
> Nothing :-) I've just added support, it will appear in the next stable
> snapshot and subsequent versions of OpenSSL.

Cool! In the meantime I'll use a script to play around with the header until that version's up.

Thanks,
Eddy

__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          [EMAIL PROTECTED]

0.9.8-dev: FORMAT:HEX,OCT issue
Guys,

I'm trying to use 0.9.8-dev (SNAP-20050428) to issue domain controller certificates for Windows Smart Card logon. I get this error when using FORMAT:HEX modifier with OCT type:

    Error Loading extension section dc_cert
    3550:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
    3550:error:22075093:X509 V3 routines:v2i_GENERAL_NAME:othername error:v3_alt.c:501:
    3550:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:93:name=subjectAltName, value=otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: 01020304050607080910111213141516

This is my dc_cert section, offending line is the last one:

    [ dc_cert ]
    crlDistributionPoints = URI:http://pig-dc/demoCA/crl.pem
    extendedKeyUsage = clientAuth,serverAuth
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    msCertTemplate = ASN1:BMP:DomainController
    subjectAltName = otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: 01020304050607080910111213141516

If I don't use FORMAT:HEX, everything runs fine.

Any advice?

TIA,
Andrea

Re: [openssl-users] OCSP structure compliance RFC2560
Hello!

Erwann ABALEA wrote:

> Good evening,
>
> On the third day before the Kalends of May, 2005, Antonio Ruiz Martínez wrote:
>
> > I'm seeing the structure generated by OpenSSL in an OCSPRequest.
> > However, from my point of view it doesn't comply with the standard
> > because there is not any number of the version. Is it correct?
>
> [...]
>
> > TBSRequest ::= SEQUENCE {
> >     version [0] EXPLICIT INTEGER { v1(0) } DEFAULT v1,
>
> Here, the version is told to be OPTIONAL. As per the ASN.1 standard,
> DEFAULT implies OPTIONAL.

Thanks for your answer,
Antonio.

Re: 0.9.8-dev: FORMAT:HEX,OCT issue
On Mon, May 02, 2005, Andrea Cogliati wrote:

> Guys,
>
> I'm trying to use 0.9.8-dev (SNAP-20050428) to issue domain controller
> certificates for Windows Smart Card logon. I get this error when using
> FORMAT:HEX modifier with OCT type:
>
>     Error Loading extension section dc_cert
>     3550:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
>     3550:error:22075093:X509 V3 routines:v2i_GENERAL_NAME:othername error:v3_alt.c:501:
>     3550:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:93:name=subjectAltName, value=otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: 01020304050607080910111213141516
>
> This is my dc_cert section, offending line is the last one:
>
>     [ dc_cert ]
>     crlDistributionPoints = URI:http://pig-dc/demoCA/crl.pem
>     extendedKeyUsage = clientAuth,serverAuth
>     basicConstraints = CA:FALSE
>     keyUsage = nonRepudiation, digitalSignature, keyEncipherment
>     msCertTemplate = ASN1:BMP:DomainController
>     subjectAltName = otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: 01020304050607080910111213141516
>
> If I don't use FORMAT:HEX, everything runs fine.
>
> Any advice?

http://www.openssl.org/docs/apps/x509v3_config.html#NOTES

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

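Added example, not written by either poster: in the short (single-line) form of a multi-valued extension such as subjectAltName, a comma is read as a field separator, so a field value that itself contains a comma, like `FORMAT:HEX,OCT:...`, has to be moved into its own section (the long form). The section name `dc_alt_names` is an assumption; everything else is taken from the dc_cert section quoted above.

```ini
[ dc_cert ]
crlDistributionPoints = URI:http://pig-dc/demoCA/crl.pem
extendedKeyUsage      = clientAuth,serverAuth
basicConstraints      = CA:FALSE
keyUsage              = nonRepudiation, digitalSignature, keyEncipherment
msCertTemplate        = ASN1:BMP:DomainController

# Short form, as posted: the comma between HEX and OCT is taken as the end
# of the first subjectAltName field, so the otherName value is cut short.
# subjectAltName = otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT:01020304050607080910111213141516

# Long form: reference a section (name is an assumption). Each line of that
# section is one field, so commas inside the value are left alone.
subjectAltName        = @dc_alt_names

[ dc_alt_names ]
otherName = 1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT:01020304050607080910111213141516
```
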
How to get SSL DLL's compiling from Cygwin?
Hello,

I'm trying to compile OpenSSL 0.9.7f under Windows 2000 (using Cygwin) but I don't know if I get all the files after the compilation process. For example, I don't have libeay32.dll nor ssleay32.dll.

To setup the compilation environment I've downloaded Cygwin setup, installed it with base + perl + gcc + make. After entering a bash shell, I've downloaded http://www.openssl.org/source/openssl-0.9.7f.tar.gz and uncompressed it.

Then I've tested both options (explained in INSTALL.W32), ./configure and ./Configure mingw. Both of them compile without problems doing 'make', then I can create and pass the tests using 'make test' and after it I can install using 'make install' (under /usr/local/ssl).

But, after this compilation I don't have out32dll or out32 directories, where it is supposed to find the DLLs to copy them to our final directory like in these commands explained in INSTALL.W32:

    $ md c:\openssl
    $ md c:\openssl\bin
    $ md c:\openssl\lib
    $ md c:\openssl\include
    $ md c:\openssl\include\openssl
    $ copy /b inc32\openssl\* c:\openssl\include\openssl
    $ copy /b out32dll\ssleay32.lib c:\openssl\lib
    $ copy /b out32dll\libeay32.lib c:\openssl\lib
    $ copy /b out32dll\ssleay32.dll c:\openssl\bin
    $ copy /b out32dll\libeay32.dll c:\openssl\bin
    $ copy /b out32dll\openssl.exe c:\openssl\bin

Why? Is this a problem of compiling OpenSSL under Cygwin? Do I need to compile using another environment? (all the information I've found is relative to using Visual C as the environment but I can't use it at this moment).

Any idea?

Thank you very much!
--
Manel Rodero                    | LCFIB - UPC
Helpdesk Manager                | Campus Nord - Modul B6
Laboratori de Calcul            | Jordi Girona, 1-3
Facultat Informatica Barcelona  | 08034 Barcelona (Spain)
manel AT fib upc edu            | Tel: +00 34 93 401 6940
http://www.fib.upc.edu/~manel   | Fax: +00 34 93 401 7040

Re: Client validation troubles on z/OS.
Does anyone have any suggestions, regarding this issue? Any help would be greatly appreciated.

John Young

--- John Young [EMAIL PROTECTED] wrote:

> We are having an issue getting client validation to work on z/OS, with
> OpenSSL 0.9.7d. We have the same code running on several Xnix platforms
> and Windows, with no trouble.
>
> On z/OS, following SSL_do_handshake, we are receiving a -1 return.
> Following the failure we receive the following from ERR_error_string():
>
>     error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
> Are there any known gotchas or issues on the z/OS (or OS/390) in this
> regard? Any suggestions as to what we might try or look at, to resolve
> this issue?
>
> Thanks,
> John Young

Using non-std OIDs in config file
I am trying to add two new OIDs to my configuration, and then specify that a certificate should contain such objects with values that I specify. After extensive RTFMing and a lot of time wading through the configuration code I still have not got a working setup. Can anyone provide an example?

What I have been trying is along the lines of the config file included below, and the complaint from openssl req is:

    Error Loading extension section v3_req
    28763:error:2207C081:X509 V3 routines:DO_EXT_CONF:unknown extension:v3_conf.c:128:
    28763:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=msOID2, value=V0.0

Is there any more complete documentation on the config file format? I have not yet found any formal explanation of constructs like:

    certificatePolicies = ia5org,@policy

What else are we not being told? :-)

Thanks,
Bob.

    #OpenSSL config file
    dir = .
    oid_section = new_oids

    [ ca ]
    default_ca = CA_default

    [ CA_default ]
    serial          = $dir/serial
    database        = $dir/certindex.txt
    new_certs_dir   = $dir/certs
    certificate     = $dir/jasomi.com-cacert.pem
    private_key     = $dir/jasomi.com-cakey.pem
    default_days    = 3650
    default_md      = sha1
    preserve        = no
    email_in_dn     = no
    nameopt         = default_ca
    certopt         = default_ca
    policy          = policy_match
    x509_extensions = v3_ca

    [ policy_match ]
    countryName            = match
    stateOrProvinceName    = match
    organizationName       = match
    organizationalUnitName = optional
    commonName             = supplied
    emailAddress           = optional

    [ req ]
    default_bits       = 2048       # Size of keys
    default_keyfile    = key.pem    # name of generated keys
    default_md         = sha1       # message digest algorithm
    string_mask        = nombstr    # permitted characters
    distinguished_name = req_distinguished_name
    x509_extensions    = v3_req
    oid_section        = new_oids

    [ req_distinguished_name ]
    # Variable name           Prompt string
    #---
    0.organizationName      = Organization Name (company)
    organizationalUnitName  = Organizational Unit Name (department, division)
    emailAddress            = Email Address
    emailAddress_max        = 40
    localityName            = Locality Name (city, district)
    stateOrProvinceName     = State or Province Name (full name)
    countryName             = Country Name (2 letter code)
    countryName_min         = 2
    countryName_max         = 2
    commonName              = Common Name (hostname, IP, or your name)
    commonName_max          = 64

    # Default values for the above, for consistency and less typing.
    # Variable name                   Value
    # --
    0.organizationName_default      = Jasomi Networks Inc.
    localityName_default            = Calgary
    stateOrProvinceName_default     = Alberta
    countryName_default             = CA
    organizationalUnitName_default  = Engineering Department
    emailAddress_default            = [EMAIL PROTECTED]
    commonName_default              = jasomi.com

    [ v3_ca ]
    # subjectAltName=${ENV::ALTNAME}
    basicConstraints       = critical,CA:FALSE
    subjectKeyIdentifier   = hash
    authorityKeyIdentifier = keyid:always,issuer:always
    keyUsage               = digitalSignature, keyCertSign, cRLSign
    crlDistributionPoints  = URI:http://www.jasomi.com/CRL
    # msOID2 = V0.0
    msOID1 = CA

    [ v3_req ]
    basicConstraints      = critical,CA:FALSE
    subjectKeyIdentifier  = hash
    keyUsage              = digitalSignature, keyCertSign, cRLSign
    crlDistributionPoints = URI:http://www.jasomi.com/CRL
    # msOID2 = V0.0
    msOID1 = DomainController

    [ new_oids ]
    # MS Certificate Template Name
    msOID1 = 1.3.6.1.4.1.311.20.2
    # MS something or other (CA version?)
    msOID2 = 1.3.6.1.4.1.311.21.1

--
Bob Bramwell          Jasomi Networks (Canada) | This space
Ph: 403 269 2938 x155 #310 602 11th

Re: Using non-std OIDs in config file
On Mon, May 02, 2005, Bob Bramwell wrote:

> I am trying to add two new OIDs to my configuration, and then specify
> that a certificate should contain such objects with values that I
> specify. After extensive RTFMing and a lot of time wading through the
> configuration code I still have not got a working setup. Can anyone
> provide an example?
>
> What I have been trying is along the lines of the config file included
> below, and the complaint from openssl req is:
>
>     Error Loading extension section v3_req
>     28763:error:2207C081:X509 V3 routines:DO_EXT_CONF:unknown extension:v3_conf.c:128:
>     28763:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=msOID2, value=V0.0
>
> Is there any more complete documentation on the config file format? I
> have not yet found any formal explanation of constructs like:
>
>     certificatePolicies = ia5org,@policy

Yes, it's in the X509v3_config manual page or:

http://www.openssl.org/docs/apps/x509v3_config.html

OpenSSL 0.9.8-dev supports a mini-ASN1 compiler which allows custom extensions to be generated.

Steve.

Re: Using non-std OIDs in config file
Aha! One I hadn't come across. Thank you. I will read it tonight and maybe tomorrow I can make some progress.

Cheers,
Bob.

Dr. Stephen Henson wrote:

> On Mon, May 02, 2005, Bob Bramwell wrote:
>
> > I am trying to add two new OIDs to my configuration, and then specify
> > that a certificate should contain such objects with values that I
> > specify. After extensive RTFMing and a lot of time wading through the
> > configuration code I still have not got a working setup. Can anyone
> > provide an example?
> >
> > What I have been trying is along the lines of the config file included
> > below, and the complaint from openssl req is:
> >
> >     Error Loading extension section v3_req
> >     28763:error:2207C081:X509 V3 routines:DO_EXT_CONF:unknown extension:v3_conf.c:128:
> >     28763:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=msOID2, value=V0.0
> >
> > Is there any more complete documentation on the config file format? I
> > have not yet found any formal explanation of constructs like:
> >
> >     certificatePolicies = ia5org,@policy
>
> Yes, it's in the X509v3_config manual page or:
>
> http://www.openssl.org/docs/apps/x509v3_config.html
>
> OpenSSL 0.9.8-dev supports a mini-ASN1 compiler which allows custom
> extensions to be generated.
>
> Steve.

--
Bob Bramwell           Jasomi Networks (Canada) | This space
Ph: 403 269 2938 x155  #310 602 11th Ave SW     | intentionally
FX: 403 269 2993       Calgary, AB, T2R 1J8     | left blank.

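Added example, not written by anyone in the thread: the msOID1 extension from the posted config, given a value in the mini-ASN1 syntax the reply mentions. An extension name that OpenSSL has no built-in handler for is rejected as "unknown extension" unless its value begins with `ASN1:` or `DER:`; the commented `DER:` line is the same BMPString written out as raw bytes.

```ini
# Custom OID short names must be declared before they are used.
oid_section = new_oids

[ new_oids ]
# MS Certificate Template Name
msOID1 = 1.3.6.1.4.1.311.20.2

[ v3_req ]
basicConstraints     = critical,CA:FALSE
subjectKeyIdentifier = hash

# Mini-ASN1 compiler (0.9.8-dev): type BMP (BMPString), then the text value.
msOID1 = ASN1:BMP:DomainController

# Same extension value as raw DER: tag 0x1e (BMPString), length 0x20 (32),
# then "DomainController" as 16 two-byte characters.
# msOID1 = DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
```
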
EVP Function call errors
I am not sure why I am getting the following errors when I try to call functions that are included by OpenSSL. I basically copied the code out of the O'Reilly OpenSSL book, so the code should be okay. I have included the OpenSSL EVP headers (and even tried to include all the digest headers) but I still get this compile error. I have been working off the assumption that it is an include error but nothing I try fixes it. I have tried to include openssl/evp.h and /usr/include/openssl/evp.h.

Here is the compile error:

    /usr/qt/3/bin/uic form1.ui -o form1.h
    g++ -c -pipe -Wall -W -march=pentium3 -pipe -O2 -DQT_NO_DEBUG -I/usr/qt/3/mkspecs/linux-g++ -I. -I. -I/usr/qt/3/include -o hasher.o hasher.cpp
    /usr/qt/3/bin/uic form1.ui -i form1.h -o form1.cpp
    g++ -c -pipe -Wall -W -march=pentium3 -pipe -O2 -DQT_NO_DEBUG -I/usr/qt/3/mkspecs/linux-g++ -I. -I. -I/usr/qt/3/include -o form1.o form1.cpp
    /usr/qt/3/bin/moc form1.h -o moc_form1.cpp
    g++ -c -pipe -Wall -W -march=pentium3 -pipe -O2 -DQT_NO_DEBUG -I/usr/qt/3/mkspecs/linux-g++ -I. -I. -I/usr/qt/3/include -o moc_form1.o moc_form1.cpp
    g++ -o hasher hasher.o form1.o moc_form1.o -L/usr/qt/3/lib -L/usr/X11R6/lib -lqt -lXext -lX11 -lm
    form1.o(.text+0x2cb): In function `Form1::computeHash(QString, QString)':
    : undefined reference to `OpenSSL_add_all_digests'
    form1.o(.text+0x2de): In function `Form1::computeHash(QString, QString)':
    : undefined reference to `EVP_get_digestbyname'
    form1.o(.text+0x305): In function `Form1::computeHash(QString, QString)':
    : undefined reference to `EVP_DigestInit'
    form1.o(.text+0x323): In function `Form1::computeHash(QString, QString)':
    : undefined reference to `EVP_DigestUpdate'
    form1.o(.text+0x335): In function `Form1::computeHash(QString, QString)':
    : undefined reference to `EVP_DigestFinal'
    collect2: ld returned 1 exit status
    make: *** [hasher] Error 1

Here is the function where I call the (er!!) functions:

    #include <cstdlib>          // malloc, free
    #include <cstring>          // strlen
    #include <openssl/evp.h>

    QString Form1::computeHash(QString hash_algorithm, QString hash_input)
    {
        // Declare local variables
        const EVP_MD *m;
        EVP_MD_CTX ctx;
        unsigned char *ret;
        unsigned int ret_len = 0;   // receives the digest length in bytes
        const char *input = hash_input.ascii();
        const char *change_ret;

        OpenSSL_add_all_digests();
        if (!(m = EVP_get_digestbyname(hash_algorithm.ascii())))
            return NULL;
        if (!(ret = (unsigned char *)malloc(EVP_MAX_MD_SIZE)))
            return NULL;
        EVP_DigestInit(&ctx, m);
        EVP_DigestUpdate(&ctx, input, strlen(input));
        EVP_DigestFinal(&ctx, ret, &ret_len);
        change_ret = (const char *)ret;
        // The digest is raw bytes with no terminating NUL, so pass its length
        QString result = QString::fromLatin1(change_ret, ret_len);
        free(ret);
        return result;
    }

It's probably a simple C++ error that I am forgetting about.

Thanks in advance,
Cutaway

Re: EVP Function call errors
> g++ -o hasher hasher.o form1.o moc_form1.o -L/usr/qt/3/lib
> -L/usr/X11R6/lib -lqt -lXext -lX11 -lm

You need to add -lcrypto and maybe -lssl.

Mike