At 01:09 PM 9/17/99 -0700, Aaron D. Turner wrote:
>This RSA library license that you recieve with Stronghold, etc, can
>not be legally transfered to another piece of software, because the
>license requires you to use the RSA approved implimentation of the RSA
>algorithm.
>
>The other option is to
Hector Jimenez Pensado wrote:
>
> > >
> > > 5. I also convert the demoCA/cacert.pem to PKCS#12:
> > > openssl pkcs12 -export -in demoCA/cacert.pem -inkey
> > private/cakey.pem -name
> > > "MY_ORG CA" -certfile demoCA/cacert.pem -out thecacert.pfx
> > >
> >
> > DO NOT DO THIS! If you do this with
boy rich arent we getting cynical in our old age
I'll drop you a line tomorrow to see what's up - as I've been lying
really low - had to for what i'm doing
Andrew
ex OSF'er - i refuse to recognise the open group.
__
OpenSSL Pro
> >
> > 5. I also convert the demoCA/cacert.pem to PKCS#12:
> > openssl pkcs12 -export -in demoCA/cacert.pem -inkey
> private/cakey.pem -name
> > "MY_ORG CA" -certfile demoCA/cacert.pem -out thecacert.pfx
> >
>
> DO NOT DO THIS! If you do this with users you end up giving them the CA
> private key
> I've doing the same task, and have found it easiest using the
> simple client
> example in the demos\ssl directory - s_client is reasonably
> complex for what
> is a reasonably simple task.
me too...
> What I don't understand is how to authenticate the server
> once the secure
> connection
-Original Message-
From: Spector, Brian <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Cc: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>;
'[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Monday, September 27, 1999 2:55 PM
Subject: RE: What US companies need to know about RSA
>
>
>
There's a thread on one of the other lists about DH security where several
people have said that 1024 bit DH has a strength of about 80 bits. But in
SSL3 1024 bit ephemeral DH is used to protect the keys for 168 bit 3DES
(EDH-RSA-DES-CBC3-SHA and EDH-DSS-DES-CBC3-SHA ciphers).
Are those ciphers
There's a thread on one of the other lists about DH security where several
people have said that 1024 bit DH has a strength of about 80 bits. But in
SSL3 1024 bit ephemeral DH is used to protect the keys for 168 bit 3DES
(EDH-RSA-DES-CBC3-SHA and EDH-DSS-DES-CBC3-SHA ciphers).
Are those ciphers
Vladimir Litovka <[EMAIL PROTECTED]>:
> [Sun Sep 26 09:42:38 1999] [error] OpenSSL: error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch
>
> What does it mean?
Possible you installed the CA certificate instead of the certificate
created for your server (use "op
I'm having difficulty to install a new
certificate after a certificate renewal
w/ MSIE 5.
Our certification authority have been
tested during some time, now we have
generated new CA's key pairs.
In fact MSIE doesn't "refresh" the
new certificate. (Same tests with
Communicator 4.61 works fine ;-
Is it broken, or am I the biggest moron alive? :)
--
Jeffrey H. Johnson, [EMAIL PROTECTED]
The Web Site Factory, http://www.websitefactory.net
__
OpenSSL Project http://www.openssl.org
User Suppor
Hi,
Platform: hpux-11, Apache-1.3.6, OpenSSL-0.9.3a, modssl-2.3.11
I'm trying to use Netscape CMS (cert management system) to generate some
user certs for SSL authentication. I've updated ca-bundled.crt with my CA
detailes. My CA key is 2048. My apache works fine in SSL mode if client cert
is an
Arrgh, sorry. Consider this a request to stop putting Reply-To!
-Original Message-
From: Salz, Rich [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 28, 1999 2:09 PM
To: '[EMAIL PROTECTED]'
Subject: RE: a task that I'm sure someone has solved
very nice job!
_
very nice job!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Hello!
Hello!
I'm trying to use Apache with mod_ssl but there is error, which Apache get
from OpenSSL library. The problem is: I've got signed certificates from
Thawte, but Apache doesn't start, when these .key&.crt used. There are
such messages in the error:
[Sun Sep 26 09:42:38 1999] [err
"Spector, Brian" wrote:
>
> Greetings Lee,
>
> Umm.
>
> maybe we should talk. Maybe you should quit talking???...
>
> So your mother raised a thief? You know stealing intellectual property is
> the same as shoplifting your local Circle K? No distinction at all,
> regardless of whatever
Mikhail Blinov wrote:
>
> Hi
>
> I tried to play with PKCS7 encryption - decryption (enveloped-data content
> type).
> I notices that
> 1) neither crypto/pkcs7/enc.c nor crypto/pkcs7/dec.c can be compiled
> because "PEM_read_bio_*" functions now have an extra "char **u"
> parameter
>
Hector Jimenez Pensado wrote:
>
> Hi all,
>
> 5. I also convert the demoCA/cacert.pem to PKCS#12:
> openssl pkcs12 -export -in demoCA/cacert.pem -inkey private/cakey.pem -name
> "MY_ORG CA" -certfile demoCA/cacert.pem -out thecacert.pfx
>
DO NOT DO THIS! If you do this with users you end up gi
Hi all,
I posted the same problems a few weeks back, I have only
succesfully installed both the CA and the client certificate
in both Netscape and MSIE 5 (Just follow the PKCS#12 FAQ):
FOR THE CA:
1. Went to a new directory and did: CA.sh -newca. This created a demoCA
directory
that has the C
On Mon, Sep 27, 1999 at 01:48:03PM -0600, Craig Idler wrote:
> I would like to use the OpenSSL library with an application to send
> http method requests to a ssl enabled web server. In addition, I must
> be able to interact with the server to provide user:password
> information.
Hi,
I assume y
I think this is right on topic.
This discussion is why I am on the list at all.
Michael Ströder wrote:
>
> HI!
>
> Please, can we stop the off-topic discussion here?
> We have enough to read all day.
>
> Ciao, Michael.
> __
Hi
I tried to play with PKCS7 encryption - decryption (enveloped-data content
type).
I notices that
1) neither crypto/pkcs7/enc.c nor crypto/pkcs7/dec.c can be compiled
because "PEM_read_bio_*" functions now have an extra "char **u"
parameter
2) after adding an extra ",NULL" to the fu
Hi All,
I've doing the same task, and have found it easiest using the simple client
example in the demos\ssl directory - s_client is reasonably complex for what
is a reasonably simple task.
What I don't understand is how to authenticate the server once the secure
connection has been established
Craig Idler wrote:
> Has someone done something like this in the past? It seems an ssl enabled
> telnet program could do this. It's so easy to use basic telnet talking to port
> 80, but using something that communicates with port 443 is a different story.
Try "openssl s_client". This is similar
Hi there,
We should just be thankful that the considerable work of Fermat, Poincare
and others existed in a time where nobody had found a way to own a plot of
algebra. Without their work, or with an inability to use their work, R, S,
and A would have been unlikely to derive the simple algebraic i
On Tue, Sep 28, 1999 at 08:43:37AM +0200, Heiko Nardmann wrote:
> Since I have a slow authentication I would like to use session caching
> but I am not clear of what to do for it.
>
> Do I have to provide code for every session caching callback (I read
> ssleay.txt)
> or is this there a setting
26 matches
Mail list logo