Re: openssl deperately needs some intro docs

2000-01-04 Thread CJ Holmes
>On Thu, Dec 23, 1999 at 11:53:16AM -0600, Leland V. Lammert wrote: > > As a toolkit, OpenSSL can only be used *directly* by a programmer > > that knows C/C++, and in that case documentation is not required, as > > the programmer has the experience to use the toolkit directly. > >As a programmer u

Re: Can't load client's private key ?

2000-01-04 Thread Dr Stephen Henson
> Dennis Xu wrote: > > Hi, > > I have a problem when I try to load a private key from a PEM-format key > file: > The private key and certificate are both exported and converted from > Verisign's free Personal ID (which is installed into IE 5). > My load_key function is : > ... > static EVP_PKEY

Re: Problems with Java SSL API

2000-01-04 Thread Dr Stephen Henson
Your verisign root CA has expired: this is the last one in the chain. You should replace it with a newer version, you can get this from several places including certs/vsign3.pem in later versions of OpenSSL or if you have MSIE you can export it using the base64 encoded option. Steve. -- Dr Step

Can't load client's private key ?

2000-01-04 Thread Dennis Xu
Hi, I have a problem when I try to load a private key from a PEM-format key file: The private key and certificate are both exported and converted from Verisign's free Personal ID (which is installed into IE 5). My load_key function is : ... static EVP_PKEY *load_key(char *key_file, int f

Problems with Java SSL API

2000-01-04 Thread Mark Striebeck
Folks, we are using a Java SSL API called ITISLL (it sits on top of OpenSSL - or SSLeay) for an application that needs https access to a web server. So far we didn't have problems with it. But now since the beginning of this year we get the following problem when we try to use the stored certific

Can't load client's private key ?

2000-01-04 Thread Dennis Xu
Hi, I have a problem when I try to load a private key from a PEM-format key file: The private key and certificate are both exported and converted from Verisign's free Personal ID (which is installed into IE 5). My load_key function is : ... static EVP_PKEY *load_key(char *key_file, int fo

Re: OpenSSL with Curl - Protecting Username and Passwords on commandlines?

2000-01-04 Thread Kris Kennaway
On Sun, 2 Jan 2000, Joe Oravetz wrote: > I've been using Curl enhanced with OpenSSL to gather sensitive > information, which requires ascii username and passwords on the command > line? I'd like to keep the login information secret. Are there ways to > use OpenSSL features to encrypt/filter the

Re: Seeking officers for Free-software-friendly CA

2000-01-04 Thread Leland V. Lammert
At 01:22 PM 1/4/00 , you wrote: >One solution to the fact that the new CA is not embed in IE nor Netscape is >to: > > > >Nicolas Roumiantzeff. Nicolas, One problem with this scenario - the user is still essentially trusting YOUR server instead of the CA. By trusting your server to install the

Building openssl w/o rsa, rc5 and idea

2000-01-04 Thread Daniel Hanks
I am attempting to build OpenSSL on a fairly stock RedHat 6.1 system. Since I'm in the US, I'd like a patent-unencumbered build, and so I'm trying to compile without rsa, rc5 and idea. I realize that without rsa I'm limited to SSLv3 only. For my purposes, that's ok. I do the following: ./config

Re: [Re: openssl deperately needs some intro docs]

2000-01-04 Thread Deva Seetharam
I too think that the OpenSSL needs some GOOD documentation. What is the point in developing a product, if others cannot use it? We were planning to build a OpenSSL based Client and server communication system for the Windows platform. The system was to be used by 20,000 clients on the field. We

Re: Seeking officers for Free-software-friendly CA

2000-01-04 Thread Nicolas Roumiantzeff
One solution to the fact that the new CA is not embed in IE nor Netscape is to: 1) get a certificate from Verisign for component developers (2 actually, one for IE and one for Netscape), 2) Develop an ActiveX for IE and a Plug-in for Netscape which installs the new CA certificate as trusted (usi

Re: openssl deperately needs some intro docs

2000-01-04 Thread Damien Neil
On Thu, Dec 23, 1999 at 11:53:16AM -0600, Leland V. Lammert wrote: > As a toolkit, OpenSSL can only be used *directly* by a programmer > that knows C/C++, and in that case documentation is not required, as > the programmer has the experience to use the toolkit directly. As a programmer using Open

Re: Seeking officers for Free-software-friendly CA

2000-01-04 Thread Pete Chown
Dr. Greg Quinn wrote: > A big limitation as far as I can see would be getting certs > pre-installed into web browsers. The chance of either MS or > netscape doing this would be close to none. Yes. On the other hand, there is a way of giving people a trusted copy of the root certificate without

Re: Millenium and 37 bug

2000-01-04 Thread Richard Levitte - VMS Whacker
andrew> Presumably the fix is to link against a library which has andrew> t_time defined as something larger (or at least unsigned) - andrew> does such a library exist? Yes. Solaris 7 (on Sparc) has 64 bit time_t, and thus the libc that comes with it does as well. I think that True64 Unix (on A

Re: openssl deperately needs some intro docs

2000-01-04 Thread Pete Chown
Leland V. Lammert wrote: > I don't think you have placed OpenSSL in the proper > perspective. OpenSSL is a *toolkit* used primarily with OTHER > applications. Most toolkits have documentation, though. Developers need to know how to use the product just like anyone else. For an example, see the

Re: Millenium and 37 bug

2000-01-04 Thread Ben Laurie
Rodney Thayer wrote: > > you should be able to go to at least 2049, as the PKIX limit > is around 2050. I know some vendors have tested this. PKIX is not limited to 2050, it simply changes format at that point. The problem is, presumably, that the date calculation is not carried out in an appro

Re: client cert is rejected - y2k?

2000-01-04 Thread Aaron Stromas
i was too hasty posting the question - turns out my ca's certificate expired. my apologies for wasting time/bandwidth. -a "Leland V. Lammert" wrote: > At 12:01 PM 1/3/00 , you wrote: > >hi, > > > >i have an apache with mod ssl installed in november and i was using > >self-signed openssl genera