OpenCA.Org doesn't really count. Neither does any one entity. We need a
group that will inspire the trust needed to compete with Verisign.
My image is of an international organization of "certificate issuing
companies" and "signing authorities".
The member authorities would receive various sec
> I want to use your latest OpenSSL version for our project. The
> environment is Windows and Visual C++ 5.0 Do you have any sample programs
> where
> you utilizes OpenSSL in Visual C++? If not could you please send me the
info
> (header files, executable libraries, etc) so the I can use the Ope
I would like to use the code if people have tested it. Our cert has Netscape
SGC extension, not MS SGC extension. So, we are not able to test it. Please
publish the testing result if anyone has.
Just for clarification, IE4/5 behaves differently when it receives a cert
with
Netscape SGC extension
Massimiliano Pala wrote:
> I do have contacts with the ICE-CAR root CA peple. We can get a certificate
> there for free and start from there using the OpenCA software.
It would be better to start from a root CA that is in Netscape and IE
by default. ICE-CAR is not, is it?
Or, considering the lo
I thought the reasons for not going to C++ were so obvious that comment was
unnecessary.
> -Original Message-
> From: Terrell Larson [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, 23 December 1999 2:04
> To: [EMAIL PROTECTED]
> Subject: Re: Implementation for the GoAhead Webserver
>
>
Clifford Heath wrote:
> No, the problem is getting your root CA certificate included in the browsers.
> Manual CA cert installation into each browser doesn't cut it when you're
> trying to persuade a business to use one of your server certs.
> Liability is a cost issue - you simply negotiate and
Dennis Glatting wrote:
> > The problem is the liability... anyway if you want to get a free
> > certificate, go to
> >
> > https://secure.openca.org
> >
> > C'you,
> >
>
> I don't understand that response. Please explain. Verisign, for
> example, assumes no liability. In fact, they are tef
Víctor R. Ruiz wrote:
>
> On Wed, Dec 22, 1999 at 08:17:58PM +0100, Massimiliano Pala wrote:
> > Does anyone agree, wants to collaborate, etc ???
>
> I wonder the amount of work of such a project. But seems interesting anyway.
> The problem I see is the legal side.
>
> Greetings,
>
It see
> > Maybe the OpenSSL group should launch a new not-for-profit application
> > verification and certificate signing service?
> The problem is the liability...
No, the problem is getting your root CA certificate included in the browsers.
Manual CA cert installation into each browser doesn't cut i
> After the Verisign acquisition of Thawte, there remain
> few signing authorities who will perform services for a
> reasonable fee.
>
> Maybe the OpenSSL group should launch a new
> not-for-profit application verification and certificate
> signing service?
> We'd be happy to donate lines and
Bill Michaelson wrote:
>
> > After the Verisign acquisition of Thawte, there remain few signing =
> > authorities who will perform services for a reasonable fee.
> >
> > Maybe the OpenSSL group should launch a new not-for-profit application > >
>verification and certificate signing service?
>
>
Hi,
I transformed the server-code from c to c++ because they that's the way it
is done in the company. I think you can agree on the benefits of c++ that c
doesnt offer. But that isn't the issue here.
The server is running on a Win32 platform an allready up and running. But
now i'm looking to
On Wed, 22 Dec 1999, Massimiliano Pala wrote:
> > Erik Aronesty wrote:
> >
> > After the Verisign acquisition of Thawte, there remain few signing authorities who
>will perform services for a
> > reasonable fee.
> >
> > Maybe the OpenSSL group should launch a new not-for-profit application
Hi,
Does anyone know a way to create DER encoded certificates using
the Java IAIK Toolkit which OpenSSL will accept?
I have been able to create certs with both IAIK and OpenSSL but
the asn1parse tool reports different formats for each.
Any help/suggestions regarding this matter would be greatly
HI:
I created a client certificate with OPEN SSL, I revoked it too, and
generated the CRL of my CA, I import the PKCS12 file of my client
certificate and install the CRL in my IE 5, When i see my Client
certificate's properties in my IE 5, the IE say me that it is OK. I think
that it is wrong bec
Bill Michaelson wrote:
>
> > After the Verisign acquisition of Thawte, there remain few signing =
> > authorities who will perform services for a reasonable fee.
> >
> > Maybe the OpenSSL group should launch a new not-for-profit application =
> > verification and certificate signing service? We'
Dr Stephen Henson wrote:
> Oh and don't even think about using BMPStrings or UTF8Strings in
> certificates or CRLs BTW.
Do you, or anyone, have contacts with Netscape people (or can get me
in contact with) to know what they are doing by now and if they will
or plan to correct thoose bugs/unfeatu
Ben Laurie wrote:
[...]
> > The problem is the liability...
>
> I don't see that that is an inherent problem - though I can see that
> "not-for-profit" might well discourage the investors that would have to
> underwrite the liability, at least at first.
>
> Cheers,
> Ben.
I was referring to th
WHy woudl you transform it to C++. It adds about 50K to the executable on linux GCC
and runs slower. I can't see much reason
to use C++ for a library liek OpenSSL
IMHO
On Wed, 22 Dec 1999 13:02:51 GMT, Niels Heyvaert wrote:
>Hi,
>
>I'm thinking about implementing SSL in the Open Source GaA
Hi,
I am a SSL newbie and I am trying
to get the details of developing
applications using OpenSSL.
Is there any good book/webpage/resource
for SSL Programming?
Thanks
Get free email and a permanent address at http://www.amexm
HI:
I have some quetions about use OPENSSL
1- When i use OPENSSL with the comand :
openssl req -new -newkey rsa:512 -keyout file.pem -out file.pem
I want to put all the data that i have to enter to the comand in a file
called data.. (i.e PEM password, and all the data of subject filed)
Massimiliano Pala wrote:
>
>
> So, what I have to do ?? I do have to set the CA subject to something like:
>
> CN=CA Operator, O=OpenCA, C=IT
>
Yes that ought to do it.
> Another question: as far as I know Netscape likes only v1 CRLs (without
> extentions... is that true ???
>
Wel
> After the Verisign acquisition of Thawte, there remain few signing =
> authorities who will perform services for a reasonable fee.
>
> Maybe the OpenSSL group should launch a new not-for-profit application =
> verification and certificate signing service? We'd be happy to donate =
> lines and
Hi,
I'm thinking about implementing SSL in the Open Source GaAhead Web server.
I was wondering if anyone allready worked with this server? I contacted the
GoAhead newsgroup but they didn't tell me anything new.
I'm allso looking for an easy way to implement an SSL connection in the
existing c
Massimiliano Pala wrote:
>
> > Erik Aronesty wrote:
> >
> > After the Verisign acquisition of Thawte, there remain few signing authorities who
>will perform services for a
> > reasonable fee.
> >
> > Maybe the OpenSSL group should launch a new not-for-profit application
>verification and certif
Dr Stephen Henson wrote:
> Yes it is known. Its caused by importing a CRL without a commonName (CN)
> field. The only way to undo the crash (other than working out which
> records got added to the database and manually deleting them) is to
> delete the key and certificate database and restart wit
> Erik Aronesty wrote:
>
> After the Verisign acquisition of Thawte, there remain few signing authorities who
>will perform services for a
> reasonable fee.
>
> Maybe the OpenSSL group should launch a new not-for-profit application verification
>and certificate signing service?
> We'd be happy
- Original Message -
I found this message in the archive.
This is the same behaviour I am experiencing.
When connecting to www.kohlpcaking.com on port 443 using sslv23 method we
get a bad MAC decode... however when connectin using ssl3 only - we get a good
connection.
Having found that the Microsoft SGC extensions to SSL were not implemented
in openssl-0.9.4, I made some changes myself. However as you can see the
changes are very hacky due to my wish to keep the changes as simple as
possible.
The basic problem is that IE4 or 5 will issue a client hello message
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In the course of using OpenSSL for a client application, I would
regularly get a SEGV in the client session caching code under high
load. After some examination, I traced it to SSL_CTX_add_session,
where two data structures (a hash and a list) are no
After the Verisign acquisition of Thawte, there remain few signing
authorities who will perform services for a reasonable fee.
Maybe the OpenSSL group should launch a new not-for-profit application
verification and certificate signing service? We'd be happy to donate
lines and equipment.
31 matches
Mail list logo