> > Not quite sure what you mean by bogus certificate.
> Test certificates (Snake Oil and such).
OK.
> > The protection of this private-key is what's important here.
> > You may rely on the hardware being physically secure to prevent the
> > key being stolen, or on the operating system, or requi
Michael Wojcik wrote:
> Here are a couple more techniques for generating some entropy. Like the
> ones Lutz and Bill have been discussing, they have drawbacks - in
> particular, there's no guarantee how much entropy they'll produce, or how
> quickly.
Quite so -- even hardware RBGs have very lim
Greg Stark wrote:
> The server can just add the master secret into its RNG (along with other
> entropy of course). I don't think the extra steps of having the client pass
> more random bytes adds much if anything and requires this extra protocol to
> support and debug.
Be careful -- using th
Can anyone lead me in the correct position? I am trying to access a
https:// webserver with perl. I need to be able to login to a form on a
https:// via a perl script. I was using
LWP::Protocol::https and the user agent but, everywhere I have looked so far
has given me the information that S
On Wed, 24 Jan 2001, Dale Peakall wrote:
> Not quite sure what you mean by bogus certificate.
Test certificates (Snake Oil and such).
> The protection of this private-key is what's important here. You may
> rely on the hardware being physically secure to prevent the key being
> stolen, or on
Bill and Lutz,
The server can just add the master secret into its RNG (along with other
entropy of course). I don't think the extra steps of having the client pass
more random bytes adds much if anything and requires this extra protocol to
support and debug.
I've said it before, but my problem sounds very similar to yours. In my
system, it's not even possible for two threads to be accessing SSL at the
same time, yet still it appears that a given ssl session will get confused,
perhaps like you say it gets signals crossed with another session. Its
I am attempting to run the CA.pl script, that is located under the misc
directory, to generate a new request.
I get the following message:
Using configuration from /usr/local/ssl/openssl.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much r
People interested in this topic who aren't familiar with RFC 1750,
"Randomness Recommendations for Security", should probably take a look at
it. It's available from all the usual RFC sources, such as
www.rfc-editor.org.
Besides a useful discussion of randomness and pseudo-randomness in security
Hi all,
I have 2 READ BIOs and I want concatenate it. Because this BIOs are large
copy one BIO to other is too slow. In some case is possible, that this two
BIOs are different type. I found this function but nothing get.
I think this will be good function for example open certificates files and
pu
Hi there,
On Mon, 22 Jan 2001, Shridhar Bhat wrote:
> Hi,
>
> We are trying to deploy multiple SSL-based servers
> in a cluster. We want to share the session cache of each
> of these servers so that connections from same client
> (with session id reuse) can be handled by any server in
> the sam
From: Rich Salz <[EMAIL PROTECTED]>
rsalz> > the CN and Email are separated by a "/" while all other DN components are
rsalz> > separated by ", ". Is there a reason for this behaviour?
rsalz>
rsalz> Because the openssl code 'knows' about some RDNs, and then it just gloms
rsalz> the rest on the e
Hi,
I'm new to this forum (and the whole OpenSSL thing too) :-)
after receiving a certificate from a certificate authority I tried to run
stunnel in order to use the certificate.
here follows the dump:
[root@host]# /usr/sbin/stunnel -f -p /var/ssl/certs/cert_file.crt -d
some.domain:443 -r some
Alberto Rubio wrote:
> True enough, but my problem arouses just a bit later. I can not find ml.exe.
> I have no such program. I did as instructions say.: I installed Microsoft
> Visual C++ (Visual Studio 6.0)and look for an executable xml.exe &
> xml.err . The most similar program was c
> the CN and Email are separated by a "/" while all other DN components are
> separated by ", ". Is there a reason for this behaviour?
Because the openssl code 'knows' about some RDNs, and then it just gloms
the rest on the end. :)
/r$
_
Hi,
There seems to be data shared between different SSL structures. Can anyone
verify this? I know that session caching is shared data but I was
wondering what else. My multithreaded app seems to have difficulty when
one thread is doing an SSL_accept and another thread doing an SSL_read on
diffe
Hi all,
I noticed that in the subject and issuer DN output from "openssl x509 -text"
the CN and Email are separated by a "/" while all other DN components are
separated by ", ". Is there a reason for this behaviour?
Best Regards,
Reiner.
_
> I need to set up secure access to Web accessible database.
> I'm going to be using Apache on a Linux machine, which I have
> already started trying out with bogus certificates. However,
> I need some help on the client side.
Not quite sure what you mean by bogus certificate.
> I know that bot
Hi!
I am currently in a discussion with Bill Browning about entropy gathering
and as suggested I would like to share the discussion with the forum both
for others to be informed and to get more input on it.
Best regards,
Lutz
- Forwarded message from Lutz Jaenicke <[EMAIL PROTECTED]
Alberto Rubio wrote:
> The most similar program was cl.exe (some kind of linker) but
> did not work.
cl.exe is the Visual commando-line compiler...its not likely to be the file your
looking for in this case.
Sinc.
Mikael
__
Title: ld: Badly formed hex number: -std1
I'm trying to build OpenSSL (openssl-0.9.6) on Digital Unix 4.0 (OSF1 V4.0 878 alpha) for use with mod_ssl for Apache, but get the following error:
---
...
ld:
Badly formed hex number: -
Hi everyone!
Can anybody send me a project example for
visual c++ that use openssl 0.9.6 or earlier version?
I have compiled openssl 0.9.6 on Windows NT 4.0
Sp6, but I didn't get a working application. Those few application don't work
for me. What should i do?
Thanks in advance from
Lucian
22 matches
Mail list logo