olgap wrote:
We would like to use the library openSSL 0.9.5 to generate certificates X.509.
We'd like to do this using our own algorythms of symmetric encryption, hashing
and digital signature.
Does this library support usage of third-party algorythms? If not, do you plan
to add this
..switched to openssl-users as this really isn't a dev question..
..cc of author as well..
I have downloaded openssl-0.9.5a.tar.gz and I can't open it. I get
the
error message :
"error reading header after processing 0 entries".
this usually occurs when you download as ascii as opposed to
Hi all,
does anyone have some instructions or links to
documentation on how I can sign NT/IIS generated
csr's with my Linux based OpenSSL? I generated the
request in IIS, did what I thought would sign and
generate the certificate, but then IIS just said that
what I was bringing back to
Two suggestions:
1) The IIS expects the certificate to be PEM encoded (DER is not accepted).
2) I'm not sure on this one, but I think that your Windows NT must know the
root certificate of the CA that signed the certificate, before you can store
the certificate in the IIS.
Regards,
Kim hellan
Dr Stephen Henson Thank you a lot for your help again and again.
I just want to say that your solution solve the probelm.
And indeed our attempt to call SSL_read() in the server gives
us an error -1 and we handled all ssl_error the same way.
So we changed it and it works.
So Thank you again,
hello!
Suppose that I have a CA-cert A and a cert B that is signed by the
public key of A. I am trying to figure out how to verify that B is
certified by A:
This is what I got so far (which I clearly havent compiled yet :-)
/* load the cert (this works just fine) */
fp =
From: Douglas **UNKNOWN CHARSET** [EMAIL PROTECTED]
douglas/* this is where I am confused, From reading ariels "manuals" I get the
douglas impression that I should create a X509_STORE that contains the ca-cert.
douglas Then I should init the X509_STORE_CTX with this and also an
douglas
On 13 Jul 2000 09:35 George Xu wrote :
I Compiler the openssl-0.9.5a in Alpha Digital Unix4.x.But It appear some
errors .
These are errors messages :
[snip]
make[1]: Entering directory `/usr/users/george/soft/openssl-0.9.5a/apps'
rm -f openssl
cc -o openssl -DMONOLITH -I../include
I got two replies :-
Richard Levitte said :
Richard Well, it looks like Compaq C will just ignore -fPIC when it
compiles,
Richard and try to pass it on to ld when linking is going on. However,
Richard there's no support for -fPIC anywhere in True64.
[ Thanks Richard: I have no idea *what*
Hello!
Thank you both Richard and Mark. Having stored (a CA-cert, a cert
certified by the CA-cert, some data, and a signature of the data using
the cert), I wanted to verify that I really did store all of this
correctly. (clearly I do not store multiple copies of the certs). A
4-tuple like the
From: "Boyce, Nick" [EMAIL PROTECTED]
nick.boyce Richard If you check the manual for ld, you'll probably
nick.boyce Richard find a few lines about '-f fil', where the
nick.boyce Richard filling is expected to be a 4-byte hex constant.
nick.boyce
nick.boyce Well you're quite right; the ld man
Richard Levitte wrote :
nick.boyce But what I don't understand is why you're talking about a
nick.boyce problem with "-fPIC" when my compilation objected to
nick.boyce "-std1" ...
Ah. Well, I'll do some qualified guesses: suppose that the command
line parser in ld is the stupid kind that
From: Douglas **UNKNOWN CHARSET** [EMAIL PROTECTED]
Note: for another example of the use of X509_STORE_CTX and certificate
verifying, look at ssl_verify_cert_chain in ssl/ssl_cert.c.
douglas 1) In apps/verify.c this function is used, what is the _purpose_ of it?
douglas
Boyce, Nick wrote:
Richard Levitte wrote :
nick.boyce But what I don't understand is why you're talking about a
nick.boyce problem with "-fPIC" when my compilation objected to
nick.boyce "-std1" ...
Ah. Well, I'll do some qualified guesses: suppose that the command
line parser
Fine !
Can you send the part of the sourcecode which you make the client req.
Lot of thanks,
hirntod
On Mon, 10 Jul 2000, Wendy Breu wrote:
Hi there,
I did something similar via a tk/expect script to generate a certificate
request.
A user would enter all necessary info for a
From: agray [EMAIL PROTECTED]
agray Richard's spot on here. (he usually is, btw)
*pu*
agray Always remember anything originating from, named like, "OSF"
agray (my ex-employer) will have "anomolies". (DigUnix=OSF/1)
Heh...
[...]
agray some thoughts and an outcome should be put onto dev,
Hi
it sound like
you have to change you policy option in you openssl.cnf.
hope that short info help.
hirntod
On Wed, 12 Jul 2000, Hubbard, David wrote:
Hi all,
I host a few different domains on a linux box running
openssl and using apache/mod_ssl as the web server. I have set
Hi Dave,
I had collect some docu on my server.
I hope you found the right docu.
www.pseudonym.org/ssl/ (klick around)
hirntod
On Thu, 13 Jul 2000, Hubbard, David wrote:
Hi all,
does anyone have some instructions or links to
documentation on how I can sign NT/IIS generated
csr's
Hi all,
I'm new to openSSL, and have what I hope is a simple question. I've
searched the list archives for an answer but didn't immediately see anything
appropriate.
Given a Microsoft CryptoAPI private key blob, what is the easiest way to
convert it to an OpenSSL EVP_PKEY structure?
If it
Many thanks to Richard and Andrew, who explained a DigUnix box's behaviour
magnificently, and also to a bunch of other folks who emailed me direct to
explain the "-fPIC" stuff (which I now know is not relevant to DigUnix - it
generates relocatable code anyway).
I'm now pressing ahead on building
Hi all,
Is there a method provided of couse by Openssl to generate certificate
serial number that are unique?
thanks
Kind regards
Sebastiano Di Paola
__
OpenSSL Project http://www.openssl.org
User
Always watch for -shared and the -expect_unresolved "*" for DigUnix ld
options. I was building api libraries against ssleay for Netscape
server 1--2.x along time ago (3-5 yrs ago) and as i remember this was
necessary.
I'm now pressing ahead on building OpenSSL/Apache/Mod_SSL *with* DSO Apache
Steven Adams wrote:
Hi all,
I'm new to openSSL, and have what I hope is a simple question. I've
searched the list archives for an answer but didn't immediately see anything
appropriate.
Given a Microsoft CryptoAPI private key blob, what is the easiest way to
convert it to an OpenSSL
2 or 3
your time of course ;-)
And in any case, I personally wouldn't trust a shared OpenSL library
just yet. There are just too many things that are about to change...
i've seen - i'm playing hell on keeping up on what's going on. You and
Geoff on the engine work as well as Steve starting
Perusing through the OpenSSL documentation, I've noticed that there appear
to be several ways to handle the situation where you want to have multiple
values for the same key. For instance, I'm trying to define a section which
contains all the known CA's (instead of just relying on the
agray wrote:
2 or 3
your time of course ;-)
And in any case, I personally wouldn't trust a shared OpenSL library
just yet. There are just too many things that are about to change...
i've seen - i'm playing hell on keeping up on what's going on. You and
Geoff on the engine work
Following the various FAQ's, getting certs into MSIE5 is not a problem.
However, when doing "verify" of a cert signed by my own CA, I am being
told that the CA (which I created myself) has no CRL and the cert does
not verify.
If it makes any difference, I'm importing certs into MSIE5 as .der
I intend to ultimately use SNACC as a compiler but using its template
output as the input to a converter to OpenSSL template format.
yea - the one i noticed was the bitstr start. I'm having a hell of a
time doing cvs updates recently - very poor connexns from home.
have you started this - i.e.
agray wrote:
I intend to ultimately use SNACC as a compiler but using its template
output as the input to a converter to OpenSSL template format.
yea - the one i noticed was the bitstr start. I'm having a hell of a
time doing cvs updates recently - very poor connexns from home.
have you
29 matches
Mail list logo