Re: how to create CRL with openssl?
On Fri, 4 May 2001 08:32:26 -0400 George Lind [EMAIL PROTECTED] wrote: How do you generate a CRL with the openssl tool? Thanks, George __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL in an embedded environment
On Fri, 04 May 2001 08:52:13 -0400 "Gregg Gibson" [EMAIL PROTECTED] wrote: My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I will also use it for certificate generation. I'm going to do some code and makefile editing to get rid of everything else I can, which I think includes bf, dh, dsa, hmac, idea, md2, md4, mdc2, pkcs7, rc2, rc4, rc5, and ripemd. Does that sound reasonable? From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 28 Apr 2001 13:45:09 -0700 You may well have some 'fiddling' to substantially reduce the size of OpenSSL. It all depends on what you want to use it for and what support you need. For example if you don't need PKCS#12 support you can delete everything in crypto/pkcs12. Then the fiddling starts because it probably wont compile any more and you'll have to edit makefiles and source files that reference PKCS#12 code. If you're just doing crypto without SSL or any ASN1 support you can probably delete almost everything. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ - Original Message - From: "Gregg Gibson" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment I apoligize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? _ Get your FREE download of MSN Explorer at http://explorer.msn.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: how to create CRL with openssl?
On Fri, 04 May 2001 21:55:21 +0900 RONDAN [EMAIL PROTECTED] wrote: On Fri, 4 May 2001 08:32:26 -0400 George Lind [EMAIL PROTECTED] wrote: How do you generate a CRL with the openssl tool? Thanks, George __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: newbie question : Verification callback (SSL_CTX_set_verify, SSL_set_verify)
On Fri, 4 May 2001 14:56:33 +0200 "Robin Gorris" [EMAIL PROTECTED] wrote: Hi, I have some questions on the verification callback function. By the way, I'm using the SSL_VERIFY_PEER mode. 1. Is it best practice to put all the certificate checks in this callback function? 2. Is it so that the number of times this function is called is equal to the verification depth used? 3. If so, how do I get to know the verification depth at runtime? I'll be more specific on this : if I wanted to add an extra check only for the last certificate in the chain (that of the client), how would I do this? Hope my questions make sense. Anyways, much thanx in advance, Robin __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL in an embedded environment
On Fri, 04 May 2001 21:58:44 +0900 RONDAN [EMAIL PROTECTED] wrote: On Fri, 04 May 2001 08:52:13 -0400 "Gregg Gibson" [EMAIL PROTECTED] wrote: My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I will also use it for certificate generation. I'm going to do some code and makefile editing to get rid of everything else I can, which I think includes bf, dh, dsa, hmac, idea, md2, md4, mdc2, pkcs7, rc2, rc4, rc5, and ripemd. Does that sound reasonable? From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 28 Apr 2001 13:45:09 -0700 You may well have some 'fiddling' to substantially reduce the size of OpenSSL. It all depends on what you want to use it for and what support you need. For example if you don't need PKCS#12 support you can delete everything in crypto/pkcs12. Then the fiddling starts because it probably wont compile any more and you'll have to edit makefiles and source files that reference PKCS#12 code. If you're just doing crypto without SSL or any ASN1 support you can probably delete almost everything. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ - Original Message - From: "Gregg Gibson" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment I apoligize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? _ Get your FREE download of MSN Explorer at http://explorer.msn.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]