> Poom Malakul wrote:
> >
> > Does openssl 0.9.5 support full of v3 extension ?
>
> Not all of them but many of the more common extensions.
Is hard to implement more v3 extensions?
How OpenSSL look at PKIX WG, support or will support RFC 2459?
Martin
_
Hello Gerard,
Openssl is missing /dev/random or a file named .rnd in your Homedirectory.
Just do a cat file1 file2 file3 >$HOME/.rnd. Or copy randseed.bin generated by pgp to
$HOME/.rnd.
.rnd should have a minimum size of 1024 bytes.
After this it should work.
Greetings
Harald
>>> Gerard GACH
At 08:04 PM 3/28/00 , you wrote:
>Want some free certificate from the Internet?
>Try www.secureage.com
What does this have to do with certs? The site is about a security application, .. not
certs - have I missed something?
Lee
Leland V. L
Odpowiedz automatyczna:
Do 31 marca jestem na szkoleniu.
W pilnych sprawach prosze o kontakt z Romanem Iwanickim.
Z powazaniem,
Michal Trojnara
>>> "[EMAIL PROTECTED]" 03/29/00 04:45 >>>
Hi,
Take a look at http://www.openca.org
Sam Stern, Bethesda, MD, USA
> -Original Message
I looked closely into purchasing a cert from Thawte and it is still
something WE'll have to do. What strikes me though is that it seems to me
that there is no real value in such a thing.
I can for instance incorporate a company and shell out about $200 and get
my cert. After that everyone trust
On Tuesday, March 28, 2000 at 04:18:15 PM, [EMAIL PROTECTED] wrote:
> hi,
> IMHO someone should create a central trusted CA that is open sourced for
> all to trust however that would take some doing..;-)) ..anyone interested:-))
I'm game for putting in some time/effort - but I think you're po
Hi,
Take a look at http://www.openca.org
Sam Stern, Bethesda, MD, USA
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of dreamwvr
> Sent: Tuesday, March 28, 2000 6:18 PM
> To: [EMAIL PROTECTED]; Hostmaster; [EMAIL PROTECTED]
> Subject: RE: Verisig
Here is the translation of a paper many of you requested.
Some changes where made since the russian variant appeared
2 days ago. Check it.
Best regards,
Lenya mailto:[EMAIL PROTECTED]
Client-server authentication in Apache Web Server with OpenSSL.doc
Want some free certificate from the Internet?
Try www.secureage.com
- Original Message -
From: Tariq Habib <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 28, 2000 2:30 PM
Subject: RE: Verisign
> I fully support your point of view.
>
> > -Original Message-
> >
Odpowiedz automatyczna:
Do 31 marca jestem na szkoleniu.
W pilnych sprawach prosze o kontakt z Romanem Iwanickim.
Z powazaniem,
Michal Trojnara
>>> "[EMAIL PROTECTED]" 03/29/00 01:18 >>>
hi,
IMHO someone should create a central trusted CA that is open sourced for
all to trust however th
hi,
IMHO someone should create a central trusted CA that is open sourced for
all to trust however that would take some doing..;-)) ..anyone interested:-))
On Tue, 28 Mar 2000, Hostmaster wrote:
> There is no governing body that I am aware of. Is it to be yet
> another Amercian led thing? That
At 11:28 AM 3/28/00 , Geoff Thorpe wrote:
>Hi there,
>
> >It's time to have some kind of governing body
> >to force the browser makers include all accredited
> >CA's in the list of automatically trusted CA's.
> >Not the ones that pay them big $$$.
PMFJI, .. but I, too, am concerned that the price
From: "Rodger Williams" <[EMAIL PROTECTED]>
Subject: Handshake failure when doing a client SSL_write.
Date: Tue, 28 Mar 2000 11:17:23 -0800
Message-ID:
RWilliams> Hi, I have developed a Linux-based proxy server that successfully transfers
data between a client and an API se
There is no governing body that I am aware of. Is it to be yet
another Amercian led thing? That is what got things to the state
they're in now.
Also, what would be an appropriate list to discuss these things, if
not openssl-users?
Bill Laakkonen
www.im1.net
> -BEGIN PGP SIGNED MESSAGE-
Hi, I have developed a Linux-based proxy server that successfully transfers data
between a client and an API server. I am trying to layer OpenSSL onto the client and
proxy server, using s_client & s_server as examples. I am receiving from the client
the error: ...routines:SSL23_WRITE:ssl han
> I am planning to run Apache on a NT 4.0 server. I know people generally
> tend to use IIS but I have decided to give it a try. I am facing a problem
> now which is to find the correct SSL module for it since http
> server Apache
> is not distributed along with it. Can anyone give me a hint ?
Try
[EMAIL PROTECTED] wrote:
>
> Gee,
>
> Before I get flamed for the Subject:
> Of course, Verisign and Thawte are American and South African
> companies, so cannot be a monopoly
You are not well informed on the subject of law in the EU or US.
A merger, acquisition or other alliance that does or h
Gerard GACHELIN wrote:
> Using configuration from /usr/local/ssl/ssl/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Generating a 1024 bit RSA private key
> 6724:error:24064064:random number generator:SSLEAY_
Hi there,
>It's time to have some kind of governing body
>to force the browser makers include all accredited
>CA's in the list of automatically trusted CA's.
>Not the ones that pay them big $$$.
Only if they also ensure that the CAs also pass some level of periodic
audit-review to ensure they're
This is way off-topic, but:
>force the browser makers include all accredited CA's in the list
Please define "accredited CA"
But somewhere else, not this list. :)
__
OpenSSL Project http://www.ope
-BEGIN PGP SIGNED MESSAGE-
It's time to have some kind of governing body
to force the browser makers include all accredited
CA's in the list of automatically trusted CA's.
Not the ones that pay them big $$$.
Cheers
Paul
On Tue, 28 Mar 2000, you wrote:
> Gee,
>
> Before I get flamed for
Wade L. Scholine wrote:
>
> I am going to write a FAQ on this.
>
> To see source for a minimal SSL client and server, see the demos/ssl
> directory.
>
Also for an even simpler example that hides some of the socket yuckiness
round BIOs try demos/bio.
Steve.
--
Dr Stephen N. Henson. http://
The "Client does not have certificate" message is from serv and is expected
if you're using cli as the client. It's not part of your error.
What exactly are you using as arguments for SSL_set_cipher_list()? The old
SSLeay_add_ssl_algorithms() was supposed to do that... It looks as though
you hav
Mark E. Schoneman wrote:
>
> Hopefully a quick question. I have a certificate request the when printed
> out has
> "Requested Extensions". How can I add these to the final certificate? Any
> pointers would help.
>
> Mark S.
You need to write your own code
[EMAIL PROTECTED] wrote:
>
> I just found out that Verising has aquired NSI. A short while back they
> aquired Thawte .
> Consentration of economic power like we see in Verisign at this point is
> NEVER healthy - or am I overreacting?
Shall we file a lawsuit?
__
I am going to write a FAQ on this.
To see source for a minimal SSL client and server, see the demos/ssl
directory.
To see source for a program that does lots more, including client cert
authentication, look at the s_client and s_server programs in the apps
directory.
You will want to build th
Dear users,
I am planning to run Apache on a NT 4.0 server. I know people generally
tend to use IIS but I have decided to give it a try. I am facing a problem
now which is to find the correct SSL module for it since http server Apache
is not distributed along with it. Can anyone give me a hint ?
Hopefully a quick question. I have a certificate request the when printed
out has
"Requested Extensions". How can I add these to the final certificate? Any
pointers would help.
Mark S.
Here's the request:
Certificate Request:
Data:
Versio
On Mon, Mar 27, 2000 at 11:10:43PM -0800, Tugrul Bingol wrote:
>
> Why "SSL_CTX_load_verify_locations()" fails?
>
> I am still trying to run the demo server and client but since
> "SSL_CTX_load_verify_locations(..)" fails (returns 0) client and server
> fail, either.
>
> Can somebody tell me wh
Gee,
Before I get flamed for the Subject:
Of course, Verisign and Thawte are American and South African
companies, so cannot be a monopoly(Two American companies
doing this likely would), and of course NSI, the major marketer of
Versign certs, is a registrar for domains, and this cannot be
co
gg> But I can't create a new certificate.
[...]
gg> Generating a 1024 bit RSA private key
gg> 6724:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:538:
gg> 6724:error:04069003:rsa routines:func(105) :BN lib:rsa_gen.c:182:
gg>
gg> The same command is working fin
Poom Malakul wrote:
>
> Does openssl 0.9.5 support full of v3 extension ?
Not all of them but many of the more common extensions.
> I've tried to add some extensions, for example
> extKeyUsage in the openssl.cnf but the error
> message was encountered during signing the request.
>
It would he
Why "SSL_CTX_load_verify_locations()" fails?
I am still trying to run the demo server and client but since
"SSL_CTX_load_verify_locations(..)" fails (returns 0) client and server
fail, either.
Can somebody tell me what I am doing wrong?
I created the root CA:
> openssl req -x509 -new -keyou
It means the ports in httpsd.conf were being using by
other programs already. Change them, and try again.
Hazel
--- "Zachary T. Wilson" <[EMAIL PROTECTED]>
wrote:
> I have apache_1.3.12+ssl_1.39. Everything seems to
> be running fine except
> that in my error logs i have this bind error:
> bind
Hello,
I installed openssl-0.9.5a-beta2 and rsaref2.0 on a Sparcserver running Solaris2.7.
No problem during the install process.
But I can't create a new certificate.
Here is what I type :
/usr/local/ssl/bin/openssl req -new -x509 -days 1000 -nodes -keyout ssl.key/server.key
-out ssl.crt/ser
I don't... This point has already been discussed in this mailing list. The
result is this: you can't trust a CA that delivers a certificate whatever
the informations you provide...
A CA is not only a technical piece of software to which you send a
request and from which you get a properly formatt
36 matches
Mail list logo