Re: v3 extension

> Poom Malakul wrote: > > > > Does openssl 0.9.5 support full of v3 extension ? > > Not all of them but many of the more common extensions. Is hard to implement more v3 extensions? How OpenSSL look at PKIX WG, support or will support RFC 2459? Martin _

Antw: problem with openssl-0.9.5a-beta2 under Solaris2.7

Hello Gerard, Openssl is missing /dev/random or a file named .rnd in your Homedirectory. Just do a cat file1 file2 file3 >$HOME/.rnd. Or copy randseed.bin generated by pgp to $HOME/.rnd. .rnd should have a minimum size of 1024 bytes. After this it should work. Greetings Harald >>> Gerard GACH

Re: Verisign -- Want some free certificate over the Internet?

At 08:04 PM 3/28/00 , you wrote: >Want some free certificate from the Internet? >Try www.secureage.com What does this have to do with certs? The site is about a security application, .. not certs - have I missed something? Lee Leland V. L

RE: Verisign/NSI/Thawte monopoly

Odpowiedz automatyczna: Do 31 marca jestem na szkoleniu. W pilnych sprawach prosze o kontakt z Romanem Iwanickim. Z powazaniem, Michal Trojnara >>> "[EMAIL PROTECTED]" 03/29/00 04:45 >>> Hi, Take a look at http://www.openca.org Sam Stern, Bethesda, MD, USA > -Original Message

RE: Verisign/NSI/Thawte monopoly

I looked closely into purchasing a cert from Thawte and it is still something WE'll have to do. What strikes me though is that it seems to me that there is no real value in such a thing. I can for instance incorporate a company and shell out about $200 and get my cert. After that everyone trust

RE: Verisign/NSI/Thawte monopoly

On Tuesday, March 28, 2000 at 04:18:15 PM, [EMAIL PROTECTED] wrote: > hi, > IMHO someone should create a central trusted CA that is open sourced for > all to trust however that would take some doing..;-)) ..anyone interested:-)) I'm game for putting in some time/effort - but I think you're po

RE: Verisign/NSI/Thawte monopoly

Hi, Take a look at http://www.openca.org Sam Stern, Bethesda, MD, USA > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of dreamwvr > Sent: Tuesday, March 28, 2000 6:18 PM > To: [EMAIL PROTECTED]; Hostmaster; [EMAIL PROTECTED] > Subject: RE: Verisig

Client-server authentication in Apache Web Server with OpenSSL. Here it is!

Here is the translation of a paper many of you requested. Some changes where made since the russian variant appeared 2 days ago. Check it. Best regards, Lenya mailto:[EMAIL PROTECTED] Client-server authentication in Apache Web Server with OpenSSL.doc

Re: Verisign -- Want some free certificate over the Internet?

Want some free certificate from the Internet? Try www.secureage.com - Original Message - From: Tariq Habib <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 28, 2000 2:30 PM Subject: RE: Verisign > I fully support your point of view. > > > -Original Message- > >

RE: Verisign/NSI/Thawte monopoly

Odpowiedz automatyczna: Do 31 marca jestem na szkoleniu. W pilnych sprawach prosze o kontakt z Romanem Iwanickim. Z powazaniem, Michal Trojnara >>> "[EMAIL PROTECTED]" 03/29/00 01:18 >>> hi, IMHO someone should create a central trusted CA that is open sourced for all to trust however th

RE: Verisign/NSI/Thawte monopoly

hi, IMHO someone should create a central trusted CA that is open sourced for all to trust however that would take some doing..;-)) ..anyone interested:-)) On Tue, 28 Mar 2000, Hostmaster wrote: > There is no governing body that I am aware of. Is it to be yet > another Amercian led thing? That

Verisign/Thawte Atternatives?

At 11:28 AM 3/28/00 , Geoff Thorpe wrote: >Hi there, > > >It's time to have some kind of governing body > >to force the browser makers include all accredited > >CA's in the list of automatically trusted CA's. > >Not the ones that pay them big $$$. PMFJI, .. but I, too, am concerned that the price

Re: Handshake failure when doing a client SSL_write.

From: "Rodger Williams" <[EMAIL PROTECTED]> Subject: Handshake failure when doing a client SSL_write. Date: Tue, 28 Mar 2000 11:17:23 -0800 Message-ID: RWilliams> Hi, I have developed a Linux-based proxy server that successfully transfers data between a client and an API se

RE: Verisign/NSI/Thawte monopoly

There is no governing body that I am aware of. Is it to be yet another Amercian led thing? That is what got things to the state they're in now. Also, what would be an appropriate list to discuss these things, if not openssl-users? Bill Laakkonen www.im1.net > -BEGIN PGP SIGNED MESSAGE-

Handshake failure when doing a client SSL_write.

Hi, I have developed a Linux-based proxy server that successfully transfers data between a client and an API server. I am trying to layer OpenSSL onto the client and proxy server, using s_client & s_server as examples. I am receiving from the client the error: ...routines:SSL23_WRITE:ssl han

RE: Windows NT x Apache 1.3.12

> I am planning to run Apache on a NT 4.0 server. I know people generally > tend to use IIS but I have decided to give it a try. I am facing a problem > now which is to find the correct SSL module for it since http > server Apache > is not distributed along with it. Can anyone give me a hint ? Try

Re: Verisign/NSI/Thawte monopoly

[EMAIL PROTECTED] wrote: > > Gee, > > Before I get flamed for the Subject: > Of course, Verisign and Thawte are American and South African > companies, so cannot be a monopoly You are not well informed on the subject of law in the EU or US. A merger, acquisition or other alliance that does or h

Re: problem with openssl-0.9.5a-beta2 under Solaris2.7

Gerard GACHELIN wrote: > Using configuration from /usr/local/ssl/ssl/openssl.cnf > unable to load 'random state' > This means that the random number generator has not been seeded > with much random data. > Generating a 1024 bit RSA private key > 6724:error:24064064:random number generator:SSLEAY_

RE: Verisign/NSI/Thawte monopoly

Hi there, >It's time to have some kind of governing body >to force the browser makers include all accredited >CA's in the list of automatically trusted CA's. >Not the ones that pay them big $$$. Only if they also ensure that the CAs also pass some level of periodic audit-review to ensure they're

RE: Verisign/NSI/Thawte monopoly

This is way off-topic, but: >force the browser makers include all accredited CA's in the list Please define "accredited CA" But somewhere else, not this list. :) __ OpenSSL Project http://www.ope

RE: Verisign/NSI/Thawte monopoly

-BEGIN PGP SIGNED MESSAGE- It's time to have some kind of governing body to force the browser makers include all accredited CA's in the list of automatically trusted CA's. Not the ones that pay them big $$$. Cheers Paul On Tue, 28 Mar 2000, you wrote: > Gee, > > Before I get flamed for

Re: need help putting ssl into win32 web server

Wade L. Scholine wrote: > > I am going to write a FAQ on this. > > To see source for a minimal SSL client and server, see the demos/ssl > directory. > Also for an even simpler example that hides some of the socket yuckiness round BIOs try demos/bio. Steve. -- Dr Stephen N. Henson. http://

RE: Creating CA certificates file

The "Client does not have certificate" message is from serv and is expected if you're using cli as the client. It's not part of your error. What exactly are you using as arguments for SSL_set_cipher_list()? The old SSLeay_add_ssl_algorithms() was supposed to do that... It looks as though you hav

Re: FW: Extensions

Mark E. Schoneman wrote: > > Hopefully a quick question. I have a certificate request the when printed > out has > "Requested Extensions". How can I add these to the final certificate? Any > pointers would help. > > Mark S. You need to write your own code

Re: Verisign

[EMAIL PROTECTED] wrote: > > I just found out that Verising has aquired NSI. A short while back they > aquired Thawte . > Consentration of economic power like we see in Verisign at this point is > NEVER healthy - or am I overreacting? Shall we file a lawsuit? __

RE: need help putting ssl into win32 web server

I am going to write a FAQ on this. To see source for a minimal SSL client and server, see the demos/ssl directory. To see source for a program that does lots more, including client cert authentication, look at the s_client and s_server programs in the apps directory. You will want to build th

Windows NT x Apache 1.3.12

Dear users, I am planning to run Apache on a NT 4.0 server. I know people generally tend to use IIS but I have decided to give it a try. I am facing a problem now which is to find the correct SSL module for it since http server Apache is not distributed along with it. Can anyone give me a hint ?

FW: Extensions

Hopefully a quick question. I have a certificate request the when printed out has "Requested Extensions". How can I add these to the final certificate? Any pointers would help. Mark S. Here's the request: Certificate Request: Data: Versio

Re: "SSL_CTX_load_verify_locations" fails

On Mon, Mar 27, 2000 at 11:10:43PM -0800, Tugrul Bingol wrote: > > Why "SSL_CTX_load_verify_locations()" fails? > > I am still trying to run the demo server and client but since > "SSL_CTX_load_verify_locations(..)" fails (returns 0) client and server > fail, either. > > Can somebody tell me wh

RE: Verisign/NSI/Thawte monopoly

Gee, Before I get flamed for the Subject: Of course, Verisign and Thawte are American and South African companies, so cannot be a monopoly(Two American companies doing this likely would), and of course NSI, the major marketer of Versign certs, is a registrar for domains, and this cannot be co

Re: problem with openssl-0.9.5a-beta2 under Solaris2.7

gg> But I can't create a new certificate. [...] gg> Generating a 1024 bit RSA private key gg> 6724:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:538: gg> 6724:error:04069003:rsa routines:func(105) :BN lib:rsa_gen.c:182: gg> gg> The same command is working fin

Re: v3 extension

Poom Malakul wrote: > > Does openssl 0.9.5 support full of v3 extension ? Not all of them but many of the more common extensions. > I've tried to add some extensions, for example > extKeyUsage in the openssl.cnf but the error > message was encountered during signing the request. > It would he

"SSL_CTX_load_verify_locations" fails

Why "SSL_CTX_load_verify_locations()" fails? I am still trying to run the demo server and client but since "SSL_CTX_load_verify_locations(..)" fails (returns 0) client and server fail, either. Can somebody tell me what I am doing wrong? I created the root CA: > openssl req -x509 -new -keyou

Re: bind question?

It means the ports in httpsd.conf were being using by other programs already. Change them, and try again. Hazel --- "Zachary T. Wilson" <[EMAIL PROTECTED]> wrote: > I have apache_1.3.12+ssl_1.39. Everything seems to > be running fine except > that in my error logs i have this bind error: > bind

problem with openssl-0.9.5a-beta2 under Solaris2.7

Hello, I installed openssl-0.9.5a-beta2 and rsaref2.0 on a Sparcserver running Solaris2.7. No problem during the install process. But I can't create a new certificate. Here is what I type : /usr/local/ssl/bin/openssl req -new -x509 -days 1000 -nodes -keyout ssl.key/server.key -out ssl.crt/ser

RE: Verisign

I don't... This point has already been discussed in this mailing list. The result is this: you can't trust a CA that delivers a certificate whatever the informations you provide... A CA is not only a technical piece of software to which you send a request and from which you get a properly formatt