Re: how to create CRL with openssl?

2001-05-04 Thread RONDAN 

On Fri, 4 May 2001 08:32:26 -0400 
George Lind [EMAIL PROTECTED] wrote:

 How do you generate a CRL with the openssl tool?
 Thanks,
 George
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL in an embedded environment

2001-05-04 Thread RONDAN 

On Fri, 04 May 2001 08:52:13 -0400
"Gregg Gibson" [EMAIL PROTECTED] wrote:

 My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, 
 md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5).  I 
 will also use it for certificate generation.
 
 I'm going to do some code and makefile editing to get rid of everything else 
 I can, which I think includes bf, dh, dsa, hmac, idea,  md2, md4, mdc2, 
 pkcs7, rc2, rc4, rc5, and ripemd.
 
 Does that sound reasonable?
 
 
 From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 
 28 Apr 2001 13:45:09 -0700
 
 You may well have some 'fiddling' to substantially reduce the size of 
 OpenSSL. It all depends on what you want to use it for and what support you 
 need.
 
 For example if you don't need PKCS#12 support you can delete everything in 
 crypto/pkcs12.
 
 Then the fiddling starts because it probably wont compile any more and 
 you'll have to edit makefiles and source files that reference PKCS#12 code.
 
 If you're just doing crypto without SSL or any ASN1 support you can 
 probably delete almost everything.
 
 Steve.
 --
 Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
 Personal Email: [EMAIL PROTECTED] Senior crypto engineer, 
 Celo Communications: http://www.celocom.com/
 Core developer of the   OpenSSL project: http://www.openssl.org/
 Business Email: [EMAIL PROTECTED] PGP key: via homepage.
 __
 
 
 
 
   - Original Message -
   From: "Gregg Gibson" [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Monday, April 30, 2001 8:59 AM
   Subject: Resending: OpenSSL in an embedded environment
  
  
I apoligize for sending this question again.  The email account I was
   using
has proved to be too unreliable, so I have switched to a different
   account.
   
Has anyone had any experience with OpenSSL in an embedded environment?
 I'm
trying to trim libcrypto.a and libssl.a down to a reasonable size for 
 an
embedded project. I've turned off all but the few ciphers that I need,
 and
that only trimmed off about 200kB. (The ciphers that I kept are des,
 rsa,
md5, and sha.) I'd like to get both of those libraries to be much
 smaller.
Any suggestions?
   
 
 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: how to create CRL with openssl?

2001-05-04 Thread RONDAN 

On Fri, 04 May 2001 21:55:21 +0900
RONDAN [EMAIL PROTECTED] wrote:

 
 On Fri, 4 May 2001 08:32:26 -0400 
 George Lind [EMAIL PROTECTED] wrote:
 
  How do you generate a CRL with the openssl tool?
  Thanks,
  George
  
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List[EMAIL PROTECTED]
  Automated List Manager   [EMAIL PROTECTED]
  
 
  
 
 $BO@CL!!!&!!#R#O#N#D#A#N(B   
 
 $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
 $BEE;R%a!<%k!'([EMAIL PROTECTED]
 
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: newbie question : Verification callback (SSL_CTX_set_verify, SSL_set_verify)

2001-05-04 Thread RONDAN 

On Fri, 4 May 2001 14:56:33 +0200
"Robin Gorris" [EMAIL PROTECTED] wrote:

 Hi,
 
 I have some questions on the verification callback function. By the way, I'm
 using the SSL_VERIFY_PEER mode.
 
  1. Is it best practice to put all the certificate checks in this callback
 function?
  2. Is it so that the number of times this function is called is equal to
 the verification depth used?
  3. If so, how do I get to know the verification depth at runtime? I'll be
 more specific on this : if I wanted to add an extra check only for the last
 certificate in the chain (that of the client), how would I do this?
 
 Hope my questions make sense.
 
   Anyways, much thanx in advance,
   Robin
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL in an embedded environment

2001-05-04 Thread RONDAN 

On Fri, 04 May 2001 21:58:44 +0900
RONDAN [EMAIL PROTECTED] wrote:

 
 On Fri, 04 May 2001 08:52:13 -0400
 "Gregg Gibson" [EMAIL PROTECTED] wrote:
 
  My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, 
  md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5).  I 
  will also use it for certificate generation.
  
  I'm going to do some code and makefile editing to get rid of everything else 
  I can, which I think includes bf, dh, dsa, hmac, idea,  md2, md4, mdc2, 
  pkcs7, rc2, rc4, rc5, and ripemd.
  
  Does that sound reasonable?
  
  
  From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 
  28 Apr 2001 13:45:09 -0700
  
  You may well have some 'fiddling' to substantially reduce the size of 
  OpenSSL. It all depends on what you want to use it for and what support you 
  need.
  
  For example if you don't need PKCS#12 support you can delete everything in 
  crypto/pkcs12.
  
  Then the fiddling starts because it probably wont compile any more and 
  you'll have to edit makefiles and source files that reference PKCS#12 code.
  
  If you're just doing crypto without SSL or any ASN1 support you can 
  probably delete almost everything.
  
  Steve.
  --
  Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
  Personal Email: [EMAIL PROTECTED] Senior crypto engineer, 
  Celo Communications: http://www.celocom.com/
  Core developer of the   OpenSSL project: http://www.openssl.org/
  Business Email: [EMAIL PROTECTED] PGP key: via homepage.
  __
  
  
  
  
- Original Message -
From: "Gregg Gibson" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 30, 2001 8:59 AM
Subject: Resending: OpenSSL in an embedded environment
   
   
 I apoligize for sending this question again.  The email account I was
using
 has proved to be too unreliable, so I have switched to a different
account.

 Has anyone had any experience with OpenSSL in an embedded environment?
  I'm
 trying to trim libcrypto.a and libssl.a down to a reasonable size for 
  an
 embedded project. I've turned off all but the few ciphers that I need,
  and
 that only trimmed off about 200kB. (The ciphers that I kept are des,
  rsa,
 md5, and sha.) I'd like to get both of those libraries to be much
  smaller.
 Any suggestions?

  
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
  
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List[EMAIL PROTECTED]
  Automated List Manager   [EMAIL PROTECTED]
  
 
  
 
 $BO@CL!!!&!!#R#O#N#D#A#N(B   
 
 $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
 $BEE;R%a!<%k!'([EMAIL PROTECTED]
 
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]