Is Diffie - Hellman used anywhere?

2001-09-12 Thread Catherine Goldin
Hi all, I read in DH()--SSLeay 0.9.0b -- Jan 1999 that DH certificates aren't used in SSL-level routines. What about now? Is DH used anywhere in SSL? Thanks, Catherine Goldin _ Get your FREE download of MSN Explorer at

Re: Removing X509 extensions

2001-09-12 Thread Oscar Jacobsson
Dr S N Henson wrote: Extensions are also used for security purposes, for example to indicate whether a certificate is a valid CA certificate and to prevent end user certificates being able to masquerade as CAs. I would definitely consider the ability to constrain issued certificates through

Re: Removing X509 extensions

2001-09-12 Thread Gleison Santos
In fact, ASN1 routines have access to X509_EXTENSION structure while executing parsing routines. But I free that information after it. We know about security constraints envolving removing X509v3 but code size is really a important matter for us. Gleison Dr S N Henson wrote: Gleison Santos

Re: Is Diffie - Hellman used anywhere?

2001-09-12 Thread Dr S N Henson
Catherine Goldin wrote: Hi all, I read in DH()--SSLeay 0.9.0b -- Jan 1999 that DH certificates aren't used in SSL-level routines. What about now? Is DH used anywhere in SSL? DH certificates aren't currently supported: hardly anything uses them. The DH algorithm itself is used by (among

Re: Removing X509 extensions

2001-09-12 Thread Dr S N Henson
Gleison Santos wrote: In fact, ASN1 routines have access to X509_EXTENSION structure while executing parsing routines. But I free that information after it. Can you be more specific about that? Do you free the information after the ASN1 code has parsed the structure? If so then when the

Re: Is Diffie - Hellman used anywhere?

2001-09-12 Thread Michael Sierchio
Dr S N Henson wrote: DH certificates aren't currently supported: hardly anything uses them. The DH algorithm itself is used by (among other things) SSL and TLS. Mobile IP does. I suggest again that, since a DH profile exists, it should be supported in OpenSSL.

Re: Is Diffie - Hellman used anywhere?

2001-09-12 Thread Dr S N Henson
Michael Sierchio wrote: Dr S N Henson wrote: DH certificates aren't currently supported: hardly anything uses them. The DH algorithm itself is used by (among other things) SSL and TLS. Mobile IP does. I suggest again that, since a DH profile exists, it should be supported in

[PATCH] Compiling as shared library on HP-UX 11.XX

2001-09-12 Thread ratan
Hi I am including a patch to enable compiling openssl as a shared library on HP-UX 11.00 and 11.11. The patch has been tested two different HP compilers on both 11.00 and 11.11. Thanks! Ratan diff -ur openssl-0.9.6a-work/Configure openssl-0.9.6a-orig/Configure ---