> > To further my earlier message, I have just done a succesful compalation and
> > test on a Debian based machine. The machine that produced the error was a
> > Redhat 5.2 based machine. The test also now works on the Redhat machine
> > (using the library produced on the Debian machine). I hope t
Hi,
I am in the process of upgrading OpenSSL from 0.9.2b to
0.9.4 for OSE (rtos) on powerpc. It looks good, less things
for me to do with the new release :) A few minor patches
though. Here is the first one which deals with bad reference
to close where it should be closesocket.
Regards,
Lennart
Manuel Mollar wrote:
>
> Building a enveloped message with the 'enc.c' program, I see the call
>
> PKCS7_add_recipient(p7,sk_X509_value(recips, i))
>
> for every recipient.
>
> The source code of PKCS7_add_recipient does:
>
> 1. a call to
>
> PKCS7_RECIP_INFO_set(ri,x509)
>
> th
Massimiliano Pala wrote:
>
> Dr Stephen Henson wrote:
> >
> > Massimiliano Pala wrote:
> > > * openssl ca
> > >
> > > - extensions [ exts_section ]: adds the ability to
> > > use extensions specified in a specific section (so
> > > to specify for example extensions f
Hi,
Does anyone know if there would be any licenciing problems with doing
any of the following with OpenSSL.
- Stripping some of the code out so as to exclude particular encryption
algorithms.
- Are there any RSA licencing issues outside the U.S ?
Any help would be appreciated.
Cheers.
Ray.
_
Hi,
I'm sorry if this is the wrong place to ask this. If it is
could someone kindly redirect me to the correct place? I am new to
this...
I am working on a client side application that needs to have
a SSL layer to connect to a server. I need to have a CA signed client
certific
The following certs were generated using a popular commercial CA.
The cert-sign cert verifies okay; the cert-sign cert does NOT verify
the crl-sign cert -- OpenSSL verify command claims the padding is wrong.
Any clues? Any die-hard DER bit-twiddlers have any advice?
Thanks, much, in advance.
Hy,
there is an error under Win32 in OpenSSL. If you specify the
OPENSSL_CONF env variable and point to openssl.cnf, OpenSSL doesn`t
says:
unable to find 'distinguished_name' in config
If the same config file is specified using -config everything works
fine. Any Ideas?
Daniel
_
A while ago I asked a question about contributing back some changes to
OpenSSL for porting it to the Macintosh.
I'm ready to do that now, but I'm not sure what format is preferred. I
think it's probably a diff dump, but I'm not sure what options to include
when I generate the diff dump (I'll
Daniel Reichenbach wrote:
>
> Hy,
>
> there is an error under Win32 in OpenSSL. If you specify the
> OPENSSL_CONF env variable and point to openssl.cnf, OpenSSL doesn`t
> says:
>
> unable to find 'distinguished_name' in config
>
> If the same config file is specified using -config everything w
Dr Stephen Henson <[EMAIL PROTECTED]>:
>> [...] I think the idea of forcing people to use threads to obtain
>> decent performance is unacceptable. [...]
> Quite a few applications already follow the "one SSL connection per
> thread or process" model.
One reason for doing things that way (thre
Massimiliano Pala wrote:
>
> Hi!
>
> Due to great demand, I made this simple program that analyze let's call
> the 'SPKAC' files and can return some info. Here the help:
>
> $ openssl spkac
> usage: spkac args
>
> -in infile - Input file [required]
> -verbose
> A while ago I asked a question about contributing back some changes to
> OpenSSL for porting it to the Macintosh.
>
> I'm ready to do that now, but I'm not sure what format is preferred. I
> think it's probably a diff dump, but I'm not sure what options to include
> when I generate the diff dum
Dr Stephen Henson wrote:
[...]
> It should be compatible with the patch you made. Its "enhanced" because
> I've added several other command line options that allow alternative
> sections to be used for certificates, CRLs and certificate requests and
> in other utilities like 'req' and 'x509'.
Goo
Salz, Rich wrote:
>
> The following certs were generated using a popular commercial CA.
>
> The cert-sign cert verifies okay; the cert-sign cert does NOT verify
Err would you like to try that again but without the contradiction this
time? :-)
> the crl-sign cert -- OpenSSL verify command claim
Dr Stephen Henson wrote:
>
> Yes it seems like a worthwhile thing to include, there seems to be a bit
> of redundant code in there and a bit of extra functionality might be
> useful (for example to be able to create SPKAC files from a private
> key).
I think it is a good idea. BTW that was what
Sorry, you're right. The cert-sign is okay, but the crl-sign cert
which is signed by cert-sign fails to verify the sig. We'd normally
suspect the CA that generated the certs, but (1) it verifies when we
use our hardware crypto; (2) it's not our CA. :)
So, we do believe there's a bug in openssl.
Has anyone added a "-verify XXX" flag to the CRL command?
The XXX would be the file containing the CA cert.
Doesn't look to hard, given X509_PUBKEY_get and X509_CRL_verify
/r$
__
OpenSSL Project
> It should also complain about being unable to open the config file and
> the path it has tried: check it is correct.
>
> Steve.
No, there is no problem with that. The path is all right and that one
works.
I used the path from OPENSSL_CONF with -config and it worked. But
another
one: has OPENSSL
Hi !
When I try to compile openssl-SNAP-19990829 I got this error
make[2]: Entering directory
`/home/doctrade/src/openssl-SNAP-19990829/crypto/des'
make[2]: `des' is up to date.
make[2]: Leaving directory
`/home/doctrade/src/openssl-SNAP-19990829/crypto/des'
(cd pkcs7 && make testapps)
make[2]: E
Hi,
I have trouble installing OpenSSL on the Solaris 2.6 platform.
/Niclas
===
This is the output from conf -t
===
root@axel/home/user/openssl-0.9.3a> ./config -t
Operating system: sun4m-sun-solaris2
Hi,
I'm currently trying to build an openssl 0.9.4 distribution which fails on
the make install step after the previous steps all work correctly.
I run:
./configure --prefix=/citec/openssl-0.9.4
./make
./make test
./make install
Output of the make install step and the resulting error message sho
Operating system: i586-whatever-linux2
Configuring for linux-elf
/usr/local/bin/perl ./Configure linux-elf
The box is running Slackware 3.6, with libc-5.4.46 and gcc-2.7.2.3. The
symbols NUM_NID, NUM_SN, NUM_LN, NUM_OBJ were not defined. I added
-DNO_OBJECT to CFLAG in Makefile and it compiled fi
Upon bootup, the Apache server prompts for the encrypted key passphrase
twice, instead of once. The first prompt, I understand is needed for
decrypting the web server's private key. What is the second prompt for ?
Or perhaps I have a configuration error?
I am using Apache 1.3.6, openssl 0.9.3a,
24 matches
Mail list logo
