"Leland V. Lammert" wrote:
> At 02:08 PM 1/6/00 , you wrote:
> >- You must unpack the tar file (which is like a zip file) using
> >something like PkZip or WinZip (or tar -xvf in Cygwin bash).
> I would assume that if someone download a tar file, .. they would have downloaded,
>perhaps, a UNIX fi
[For the list archives]
I think this is now cleared up - openssl by default uses \n rather than
\r\n. However, it is possible to change the format using a simple perl
script (or, apparently, by emailing certificates). Whether lines end
with \n or \r\n does not affect certificate use.
Andrew
Hi to everybody.
When i try to open a encryted e-mail in outlook 98 i can´t do it, because
the following error ocurs:
Can´t open this item. Your key set can´t not be found by the underlying
security system.
If i try to do this with a Verisign´s certificate, there is no error.
Thank you
Hi Andrew,
Andrew Cooke wrote:
>
> Flemming Jans wrote:
> > I'm using openssl 0.9.4 on Sparc Solaris 2.6/2.7 for a webserver like
> > process which must recognize customers from a simple username/password
> > scheme or from a client certificate.
> >
> > The customer 'subscription' is stored in a
I don't treat that book as good reading, at least not the German
version I got in my hands.
Dr. Greg Quinn schrieb:
>
> Steve; not sure what level of book you want; I'm a real newby at this, so
> the book I found very helpful in terms of concept was :
> 1) Internet Cryptography; Richard E Smith
Hi,
Does anyone know how to renew certificate? I tried:
openssl x509 -x509toreq -in cert_file -out csr_file -signkey CA_private_key
but the signature of the created csr_file is incorrect.
Does the 'ca' package have renew function?
In addition, I can't sign certs with same dn but non-over
jackie wrote:
>
> Will you tell me what fields I must fill in my certificate that
> are different from client certificate or normal certificate?
There aren't any that are different, but leaving any blank makes
Netscape throw hissy fits.
Cheers,
Ben.
>
> Ben Laurie wrote:
>
> >
> > a) Use th
At 09:58 07.01.00 +0100, Flemming Jans wrote:
Hello Flemming,
>Andrew Cooke wrote:
>>
>> Flemming Jans wrote:
>> > I'm using openssl 0.9.4 on Sparc Solaris 2.6/2.7 for a webserver like
>> > process which must recognize customers from a simple username/password
>> > scheme or from a client certif
> Oliver Koenig schrieb:
>
> Hello guys,
> I have a problem with my Certificate Signing request. Could you please
> let me know which commands I have to execute in order to generate a
> key and a certificate signing request.
>
> I have asked thawte.com for help, but they gave me the worng
> ins
Yes I think both solution are equivalent from a crypto point of view and are
both definitively better than unstaling manualy a CA cert through an
unsecured download.
There might be to practical difference though:
1) I am not sure that the browser (IE and NN) UI will let the user make the
differe
Martin Leung schrieb:
>
> Hi,
>
> Does anyone know how to renew certificate? I tried:
>
> openssl x509 -x509toreq -in cert_file -out csr_file -signkey CA_private_key
-signkey private_key_for_your_user_cert
>
> but the signature of the created csr_file is incorrect.
>
> Does the 'ca' pa
Well the obvious error is the following message:
Using configuration from /usr/local/openssl-0.9.4/openssl.cnf
Unable to load config info
You should use the -config option with the 'openssl req' command to tell it
where your openssl.cnf file is located.
Ollie
> -Original M
Richard Russo <[EMAIL PROTECTED]>:
> I'm trying to connect to a ssl capable webserver running iis 4.0 with
> rc2/md5 and rc4/md5 at export level with openssl from a redhat 6.0
> (kernel 2.2.5-15 smp) machine running openssl 0.9.4 and am getting
> handshake errors.
>
> (output from demo/bio/sacce
HI:
When I download the tar ziped file (openssl-0.9.4.tar.gz) from openssl.org i
untar and unzip it with Winzip version 7.0 (www.winzip.com), press right
mouse button on openssl-0.9.4.tar.gz file name in the windows explorer and
get the command "extraxt to folder ..", The winzip will unzip an
Nicolas Roumiantzeff wrote:
>
> Yes I think both solution are equivalent from a crypto point of view and are
> both definitively better than unstaling manualy a CA cert through an
> unsecured download.
>
> There might be to practical difference though:
>
> 1) I am not sure that the browser (IE
Flemming Jans wrote:
>
> Hi Andrew,
>
>
> Ok, I have tried the following code snip which works:
>
> client_cert = SSL_get_peer_certificate(con);
> X509_digest(client_cert, EVP_md5(), digest, &digest_len);
>
> Which message digest should I use ? md5 or other ? Is the digest
> guaranteed to be
jon hale wrote:
>
> I am curious about the expiration this patent. Does it definitely expire?
September 20, 2000.
> Can it be renewed?
Thank GATT, no.
__
OpenSSL Project http://www.openssl.org
U
Leland,
> Here is the issue - installing a CA manually provides no more trust than accepting a
>self-signed CERT.
>
> There is also a big downside to installing a CA manually - if the user accepts a CA
>by accident or misintention, that user is open [open = accepting a secure connection
>witho
In your attached file:
bash-2.03# openssl req -new -key
../private/www.windreiter.com.key > www.windreiter.com.csr
Using configuration from
/usr/local/openssl-0.9.4/openssl.cnf
Unable to load config info
Enter PEM pass phrase:
unable to find 'distinguished_name' in
config
problems making Ce
Stephen,
> When you add a CA via an API call from ActiveX control or any other
> method in IE you still can get a series of dialog boxes asking you first
> if you want to download the control. AFAIK you always get a box asking
> whether you want to add the root CA.
>
> With Netscape the method of
Hi ... one of my boxes has openssl 0.9.3 installed. Could anyone point me to a
document of how to upgrade to the current version 0.9.4, or could I just
compile 0.9.4 and it will automatically make all the necessary changes? Thank
you.
_
On Fri, 7 Jan 2000, Michael Sierchio wrote:
> jon hale wrote:
> >
> > I am curious about the expiration this patent. Does it definitely expire?
>
> September 20, 2000.
I recall someone a while back posting to this list that it actually
expires in October and not September as commonly thought;
I'll start by saying that I've done some grovelling through the
OpenSSL code to answer this question but the code is pretty
unobvious so I'd like a sanity check.
The issue is how partial writes are handled in OpenSSL.
There are two cases (at least to be concerned with here),
blocking and non-bloc
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr. Greg Quinn
> Sent: Saturday, 8 January 2000 11:04
> To: [EMAIL PROTECTED]
> Subject: Re: Seeking officers for Free-software-friendly CA
>
>
> On Fri, 7 Jan 2000, Michael Sierchio wrote:
>
> > jon ha
The cipher BIO has a nasty bug that can cause some of the final eight
bytes to be lost during decryption. It may affect other BIO's. I'm
using openssl 0.9.4.
The problem is in bio_enc.c, the function enc_read. Consider the
situation in which we enter the function with our buffer ctx->buf empty
25 matches
Mail list logo
