"Ramsay, Ron" <[EMAIL PROTECTED]> writes:
> I don't have an opinion on producing LDAP DNs but I think you should use
> the v3 form (RFC 2253) rather than the v2 form.
Well, 1485 is obsoleted by 1779, which is then in turn obsoleted by 2253.
I'd say go with the least obsolete format, which seems
Chris Ridd <[EMAIL PROTECTED]> writes:
> Hi,
>
> The DN string returned from the X509_NAME_oneline function has a
> peculiar and non-standard format. (And undocumented too.)
>
> I have some diffs which will turn it into the RFC 1779 format, as a
> compile time option.
>
> Would they be of an
Chris Ridd <[EMAIL PROTECTED]> writes:
> Hi,
>
> The DN string returned from the X509_NAME_oneline function has a
> peculiar and non-standard format. (And undocumented too.)
>
> I have some diffs which will turn it into the RFC 1779 format, as a
> compile time option.
>
> Would they be of an
One of our QA guys here tried to feed a binary DER file to the routines in
by_file() by way of mod_ssl. Unfortunately, X509_STORE_load_locations()
ignores the return values of X509_LOOKUP_load_file and X509_LOOKUP_add_dir,
so if they fail (for whatever reason), the function still returns success,
So, has anybody done any benchmarks on common platforms of OpenSSL versus
the BSAFE crypto stuff? Specifically the RSA operations and rc4/rc5. Just
HOW much does the assembly help things with OpenSSL?
I'd especially be interested in the timings against something other than
Solaris/sparc or Wind
Mark <[EMAIL PROTECTED]> writes:
> Hello. I'm trying to compile openssl with just the export-strength
> ciphers enabled. I have tried pretty much every combination of no-
> options and flags I could think of and find in the documentation. Has
> anyone done this and able to share how they did i
One of our QA guys here came up with this one, so don't blame me. :)
If you are using a CA root file with a duplicate entry in it (actually, a
cert file with just a duplicated subject DN, doesn't have to be an exactly
duplicate cert), parsing of the file stops at the duplicate cert.
Is this done
Is there an easy way to restrict what ciphers are compiled into the OpenSSL
library at compile time? So that if you built a libopenssl-export.a it
would NEVER be able to do triple-des, etc?
-Bill P.
Ben Laurie <[EMAIL PROTECTED]> writes:
> William M. Perry wrote:
> >
> > Ulf Moeller <[EMAIL PROTECTED]> writes:
> >
> > > On Fri, Jul 09, 1999, William M. Perry wrote:
> > >
> > > > Any reason the dependencies aren't auto-ge
Ben Laurie <[EMAIL PROTECTED]> writes:
> William M. Perry wrote:
> > > The only in-place changes are the dependencies in the Makefiles if you
> > > remove a cipher (for example the Makefiles mustn't reference rsa.h if
> > > that file doesn't exi
Bodo Moeller <[EMAIL PROTECTED]> writes:
> On Fri, Jul 09, 1999 at 09:27:33AM -0500, William M. Perry wrote:
>
> >>> Note in particular this line:
> >>> checking which DES optimizations to use... -DDES_RISC2 -DDES_PTR
>
> >> Nice, but in some
Ulf Moeller <[EMAIL PROTECTED]> writes:
> On Fri, Jul 09, 1999, William M. Perry wrote:
>
> > Any reason the dependencies aren't auto-generated?
>
> The tool we are currently using is not portable.
Can't you just use the '-M' switch? Are there any
Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
> At 11:09 09.07.99 +0200, you wrote:
> >On Fri, Jul 09, 1999, Lenny Foner wrote:
> >
> >> autoconf work I've got, SSLeay compiled effortlessly under HPUX 9 and
> >> 10, Solaris, NetBSD, Linux (4.2 and 5.1), Irix (32 and 64 bit), Alphas
> >> (64 bit,
Ulf Moeller <[EMAIL PROTECTED]> writes:
> On Fri, Jul 09, 1999, Lenny Foner wrote:
>
> > autoconf work I've got, SSLeay compiled effortlessly under HPUX 9 and
> > 10, Solaris, NetBSD, Linux (4.2 and 5.1), Irix (32 and 64 bit), Alphas
> > (64 bit, of course) and probably some other OS's I'm forge
Ulf Moeller <[EMAIL PROTECTED]> writes:
> On Thu, Jul 08, 1999, William M. Perry wrote:
>
> > > Perl is not just needed for running the configuration script; it is also
> > > needed for putting together some of the assembler files, changing
> > > defaults
Bodo Moeller <[EMAIL PROTECTED]> writes:
> On Wed, Jul 07, 1999 at 08:17:22AM +0200, Alessandro Vesely wrote:
>
> [...]
> > Will there still be a Perl based config? if not, another hurrah for
> > that; although it doesn't look like an easy rework to do, there are
> > Perl installations that onl
Anonymous <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] (William M. Perry) wrote:
> > We also use libtool to build all of our stuff as shared libraries when
> > possible.
>
> You're not the first to suggest libtool. Wasn't there some license
> confli
Ok, so we are using OpenSSL in one of our new products, and I have taken
quite a bit of time to make sure that all of our sources (including all the
third party libraries we license, etc) can build in a separate object
directory. This is really handy for building debug and release versions in
par
[EMAIL PROTECTED] wrote:
> "William M. Perry" wrote:
> > But this code is for use when _all_ you have is their
> > certificate and you
> > need to verify it against an LDAP directory. Unfortunately,
> > you cannot
> > search binary attributes in LDAP,
Alessandro Vesely wrote:
> "William M. Perry" wrote:
> > But this code is for use when _all_ you have is their certificate and you
> > need to verify it against an LDAP directory. Unfortunately, you cannot
> > search binary attributes in LDAP, otherwi
Massimiliano Pala <[EMAIL PROTECTED]> writes:
> "William M. Perry" wrote:
> > > Searching by e-mail doesn't mean you search certificate's e-mail, but the
> > > attribute
> > >
> > > email: someone@somewhere
> > >
Massimiliano Pala <[EMAIL PROTECTED]> writes:
> "William M. Perry" wrote:
> >
> > "Salz, Rich" <[EMAIL PROTECTED]> writes:
> >
> > > >>How are you going to handle multiple OUs? In the case where a certificate
> &
"Salz, Rich" <[EMAIL PROTECTED]> writes:
> >It won't always be the case that your directory structure will map
> >_exactly_ to your certificate hierarchy.
>
> So you need a general filtering of subjectDN to LDAPDN, I guess. We've
> come across this issue. Our circumstances are a little differen
[EMAIL PROTECTED] (William M. Perry) writes:
> Here is the LDAP cert validation code. I do not know if this belongs in
> the core distribution of OpenSSL or not, but if people think that is the
> place for it to go, feel free. Otherwise I'll probably just put it up for
> dow
"Salz, Rich" <[EMAIL PROTECTED]> writes:
> >>How are you going to handle multiple OUs? In the case where a certificate
> >>contains 4 multiple OUs but a user DN only contains one of those 4?
>
> Shouldn't the user DN exactly match the "subject" field from the cert?
> If not, when and why not?
Here is the LDAP cert validation code. I do not know if this belongs in
the core distribution of OpenSSL or not, but if people think that is the
place for it to go, feel free. Otherwise I'll probably just put it up for
download from one of Aventail's web servers and just have mod_ssl reference
"Andrea e Luca Giacobazzi" <[EMAIL PROTECTED]> writes:
> >How are you going to handle multiple OUs? In the case where a certificate
> >contains 4 multiple OUs but a user DN only contains one of those 4?
>
> I search in LDAP just by e-mail, and I compare the whole certificate byte
> to byte with
Lisa Lutz <[EMAIL PROTECTED]> writes:
> How are you going to handle multiple OUs? In the case where a
> certificate contains 4 multiple OUs but a user DN only contains one of
> those 4?
Hmmm... good question. How should we handle something like that? I
suppose some logic could be put in there
Massimiliano Pala <[EMAIL PROTECTED]> writes:
> Lisa Lutz wrote:
> >
> > I need to map certificate Subject DNs to LDAP User DNs. I would like to be
> > able to handle complex cases such as:
> >
> > Subject DN = CN=Fred+UID=FSMITH, OU=DEV, O=CompanyA
> > to
> > UserDN UID=CN=Fred+FSMITH, OU=DEV, O=Comp
"Leland V. Lammert" <[EMAIL PROTECTED]> writes:
> At 06:26 AM 6/3/99 -0500, William M. Perry wrote:
> >
> >It would be silly to make this kind of change in the distribution. If you
> >are lucky enough to not be in the united states, then this type of
>
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:
> I've just received the suggestion to make sure the VMS installation
> scripts make the executables execute-only. The corresponding on the
> Unixly side would be to give the binaries the protection 711 instead
> of 755. The reason would
"Andrea e Luca Giacobazzi" <[EMAIL PROTECTED]> writes:
> >Your patch doesn't do _quite_ what I need it to though. I need to allow
> >the user to configure the mapping from subject DN to LDAP DN, etc. I'll
> >be submitting my patch when it gets working as well. We should try and
> >merge the tw
Andrea e Luca Giacobazzi wrote:
> >I need the full subject DN of the certificate, and the DER encoded X509
> >certificate itself (and its length). ie: what you would find in the
> >userCertificate field in an LDAP directory.
>
> Use i2d_X509(..) to convert from X509* to DER :
>
> /* Convert cert
I've been digging around all morning in the header files and source for
openssl and could not find an easy way to get what I need out of an 'X509
*' object.
I need the full subject DN of the certificate, and the DER encoded X509
certificate itself (and its length). ie: what you would find in the
34 matches