REMOVE
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Hi
I'm trying to make a CA signed certificate. I already have composed/loaded
all of the following "parts" for the certificate:
EVP_PKEY* pCAKey; /* CA private key */
X509* pCACert; /* CA root certificate */
X509_NAME* pX509Subject;/* Certificate subject */
EVP_PKEY* pPubK
On Thu, Feb 15, 2001 at 06:42:54PM -0700, Benjamin Collar wrote:
> I'm writing to both openssl-users and net-snmp-users because I'm not sure
> where the bug really lies, but here's the deal:
>
> I've compiled net-snmp latest stable and openssl latest stable with -g
> using gcc on AIX 4.2.1. All n
I need a new OID in the certificate. This OID is DC
The DC I want is the top level element in the Distinguished Name.
Ie. dc = cn, ou, o, dc
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution li
When OpenSSL saves text files (like PEM files) it only adds a at the
end of each line.
Is there any way to change this default behaviour to instead?
The reason is, that this is what Windows normally uses.
TIA
Kim Hellan
KMD / KMD-CA
http://www.kmd-ca.dk
Mailto:[EMAIL PROTECTED]
___
From: "Sandipan Gangopadhyay" <[EMAIL PROTECTED]>
sandipan> [ new_oids ]
sandipan> # We can add new OIDs in here for use by 'ca' and 'req'.
sandipan> # Add a simple OID like this:
sandipan> # testoid1=1.2.3.4
sandipan> # Or use config file substitution like this:
sandipan> # testoid2=${testoid1}.
> I need a new OID in the certificate. This OID is DC
>
> The DC I want is the top level element in the Distinguished Name.
> Ie. dc = cn, ou, o, dc
>
> [ new_oids ]
> # We can add new OIDs in here for use by 'ca' and 'req'.
> # Add a simple OID like this:
> # testoid1=1.2.3.4
> # Or use config
Hello,
I am trying to compile openssl for win32 with
Visual C++ ( using nmake -f ms\ntdll.mak, like explained in the install.w32 )
but there is an error when the link command is executed :
link /nologo /subsystem:console /machine:I386
/opt:ref /dll /out:out32dll\libeay32.dll /def:ms/LIBEA
Title: Untitled Document
ÁÔÐÇÈËÊÂÐÅÏ¢¿ìµÝ£º2001Äê2ÔÂ16ÈÕ
Èȵ㹤×÷
| ÈËÊÂÐÂÎÅ
| ÇóÖ°°Ù¿Æ
| ÈËÊ°¸Àý
Èȵ㹤×÷
TOP 5
[Copied to Lutz + openssl - looks like you set follow up there]
Hi,
Thanks for two good suggestions. Although I was using neither, they don't
change much:
- I am now using SSLv23_method and SSL_OP_ALL
- The connection fails unless SSL_OP_NO_SSLv3 is included (ie SSLv3 is
excluded)
- The err
On Fri, Feb 16, 2001 at 10:56:47AM +, Andrew Cooke wrote:
> Thanks for two good suggestions. Although I was using neither, they don't
> change much:
>
> - I am now using SSLv23_method and SSL_OP_ALL
> - The connection fails unless SSL_OP_NO_SSLv3 is included (ie SSLv3 is
> excluded)
> - Th
Thanks, thanks and thanks.
I did :
[ new_oids ]
domainComponent=0.9.2342.19200300.100.1.25
and used domainComponent in the other sections as usual. It worked fine.
Also, when installed on IE, it recognised and marked up the domainComponent
value as DC !!!
Exactly, the way it should be!
Regards,
Hello,
I am away from the office until February, 27th.
Swiss-German clients can get support at support-de.realmedia.com,
Swiss-French clients can get support at support-fr.realmedia.com.
If Central Services are concerned, please contact support-eu.realmedia.com.
Kind regards,
Stefan Müller
Hello,
I am away from the office until February, 27th.
Swiss-German clients can get support at support-de.realmedia.com,
Swiss-French clients can get support at support-fr.realmedia.com.
If Central Services are concerned, please contact support-eu.realmedia.com.
Kind regards,
Stefan Müller
Hello,
I am away from the office until February, 27th.
Swiss-German clients can get support at support-de.realmedia.com,
Swiss-French clients can get support at support-fr.realmedia.com.
If Central Services are concerned, please contact support-eu.realmedia.com.
Kind regards,
Stefan Müller
Hello,
I am away from the office until February, 27th.
Swiss-German clients can get support at support-de.realmedia.com,
Swiss-French clients can get support at support-fr.realmedia.com.
If Central Services are concerned, please contact support-eu.realmedia.com.
Kind regards,
Stefan Müller
Title: RE: RE: RE: RE: BAN [EMAIL PROTECTED] from the list, please !!
would a list admin please remove this guy from the list !!
-Original Message-
From: Stefan Mueller [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 9:26 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: R
Hello,
I am away from the office until February, 27th.
Swiss-German clients can get support at support-de.realmedia.com,
Swiss-French clients can get support at support-fr.realmedia.com.
If Central Services are concerned, please contact support-eu.realmedia.com.
Kind regards,
Stefan Müller
I emailed his postmaster, and he claims to have fixed it:
-- Forwarded message --
Date: 16 Feb 01 10:34:27 EST
From: Ron Taguba <[EMAIL PROTECTED]>
To: Mike Pitt <[EMAIL PROTECTED]>
Subject: Re: [RE: RE: RE: RE: RE: RE: RE: RE: RE: RE: RE: RE: RE: RE: Re:
New OID in openssl.cn
smime.p7m
<<...OLE_Obj...>>
--
This message is intended only for the personal and confidential use of the designated
recipient(s) named above. If you are not the intended recipient of this message you
are hereby notified that
Hi,
Can you send more details?
How do you expect someone to help you if you don't provide which system
you're using with!!
Gustavo
- Original Message -
From: Auteria Wally Winzer Jr. <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 12:11 AM
Subject: Setting the
After several email exchanges, Brian Muha <[EMAIL PROTECTED]> has
stopped Stefan's vacation message. He did this even though he disagrees
with these two statements I (repeatedly) made:
1. Vacation messages should not be sent in response to mailing
list mail.
2. Vacation messages
Solaris 2.7/2.8, 64bit.
- WWinzer Jr.
Gustavo wrote:
> Hi,
>
> Can you send more details?
> How do you expect someone to help you if you don't provide which system
> you're using with!!
>
> Gustavo
> - Original Message -
> From: Auteria Wally Winzer Jr. <[EMAIL PROTECTED]>
> To: <[EMAIL
The goal:
To generate a 128-bit self-signed CA.
- WW Jr.
"Auteria Wally Winzer Jr." wrote:
> Solaris 2.7/2.8, 64bit.
>
> - WWinzer Jr.
>
> Gustavo wrote:
>
> > Hi,
> >
> > Can you send more details?
> > How do you expect someone to help you if you don't provide which system
> > you're using wi
The smaller the value for e, the faster encryption is. However, some attacks
(Hasted's and Coppersmith's) work better for smaller e. I believe all of
these attacks are blocked by using PKCS#1 block type 2 formatting, but just
for an extra security comfort margin, a larger value of e is often chose
On Fri, Feb 16, 2001 at 11:40:37AM -0500, [EMAIL PROTECTED] wrote:
> After several email exchanges, Brian Muha <[EMAIL PROTECTED]> has
> stopped Stefan's vacation message. He did this even though he disagrees
> with these two statements I (repeatedly) made:
> 1. Vacation messages should not
From: "Sandipan Gangopadhyay" <[EMAIL PROTECTED]>
sandipan> I did :
sandipan> [ new_oids ]
sandipan> domainComponent=0.9.2342.19200300.100.1.25
Did you understand that you probably do not need to do that? It
should be built in to OpenSSL.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROT
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
I'm just simply amazed that this is such a big question. The set of
practices enumerated is really not rocket science, it's been
implemented in the classic Unixly "vacation" program for what feels
like ages, and it seems like any newer vacation pro
Hi there,
On Fri, 16 Feb 2001, Deng Lor wrote:
> I'm eager to know why 65537 is selected as the e, and are there
> any fact proofing it is better than other primes seleted out
> randomly?
"e" itself doesn't have to be prime but it does have to satisfy certain
conditions relative to "d" and the
Hello, my name is Pat. I recently down loaded and installed openSSL
successfully. I have two simple binaries in c, a server side and a
client side. I want to use these simple binaries to prove that openSSL
works between a client and server.
My question is: How do i use openSSL? what do i need t
Richard,
Yes, I did understand so at first, but it didnt work without it :-(
I simply used domainComponent just as organizationalUnit is used without
definition under new_oids (because, of course, they are NOT NEW_oids),
But, when run, this happened -
Organization (domain) [zzz]:
Organizational
"Auteria Wally Winzer Jr." wrote:
>
> The goal:
>
> To generate a 128-bit self-signed CA.
>
That has little to do with the CA certificate and more to do with the
software being used. If clients can only make 40 bit SSL connections
then the clients probably only support 40 bit SSL (the old expo
Pat,
Take a look at http://www.openssl.org/docs and see if that helps. In
particular, take a look at http://www.openssl.org/docs/apps/s_client.html#
and http://www.openssl.org/docs/apps/s_server.html#. If I understand your
question then these links should help you.
__
Title: Certificate install
Well, I have an installed apache with mod_ssl and php working with a dummy certificate.
What do I need to do to install a production one ?
I have already one digital certificate *.crt for a domain, and I pretend to use it (for that domain).
I noticed the apache c
Hi,
Can someone explain what does exportable cipher suite mean? The man page of
openssl ciphers "EXPORT" says it returns all the export encryption
algorithms. Including 40 and 56 bits algorithms.
But does that mean those ciphers suites are legal to use outside of United
States?
Thanks
Patrick
So, in a nutshell openssl doesn't have the ability to create 128-bit
self-signed CA's?
- WW Jr.
Dr S N Henson wrote:
> "Auteria Wally Winzer Jr." wrote:
> >
> > The goal:
> >
> > To generate a 128-bit self-signed CA.
> >
>
> That has little to do with the CA certificate and more to do with the
Hi,
I can give some more details of my problem, which turns to be really weird.
It's still about client/server application that performs DSA authentication,
DH key-exchange and 3DES symmetric encryption. This application is deployed
on several platforms (at the moment Windows, Linux and Solaris).
No. Your question doesn't make any sense, so folks are just trying to guess
what you *might* mean.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Auteria Wally Winzer Jr." <[EMAIL PROT
> Can someone explain what does exportable cipher suite mean?
It means "at the time EXPORT was defined, it was ciphers that were legal
to export outside of the US." Actually, in practice it really meant
what ciphers were supported by browsers exported from the US.
Unless you have a large instal
When a cert is created by openssl (using the CA.pl script):
CA.pl -newca
CA.pl -newreq
CA.pl -sign
I deploy it to Apache. Within my testbed when accessing
the SSL pages when I move the mouse over the lock it shows
the strength of the SSL Secured (40-bit).
Does this has to do w/ the browser? or d
Probably caused by the browser. The certificates don't really have much to
say about whether you get 40-bit or 128-bit cryptography. Upgrade to a
browser that supports 128-bit cryptography.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
And let me say it again, this time with a bit more information.
Windows runs on x86, which is little endian, Linux I assume you are also
running on little-endian (x86). Solaris I assume you are running on
UltraSPARC which if I remember correctly is big-endian. You are not
transferring your keys c
Ok, now we're getting somewhere. It's a misunderstanding of what the values
mean (I'm going to over simplify some to make the points clearer).
When an SSL connection is 40-bit, it means that the negotiated key size is
40-bits.
When you ask to generate an X-bit certificate, that refers to the lengt
"Auteria Wally Winzer Jr." wrote:
>
> So, in a nutshell openssl doesn't have the ability to create 128-bit
> self-signed CA's?
>
There's no such thing as a "128-bit self-signed CA". The certificates
that are advertised as "global server" or "SGC" or "step up" are little
different to ordinary ce
Thanks for the information. Does that mean there is no longer restrictions
on using any of the cipher suites specified by TLS or SSL outside of the US?
Sorry for a simple question. But is it still the case that only Canada and
US are allowed to use browers with 128 bit encryption strength?
Pat
Thanks a lot Joe,
I changed the code and now I transfer the DH public value (struct BIGNUM) in
the binary form and it works fine.
Most probably it was not endian-normalized (even though I put attention to
it, because it's a multi platform application).
I am too embarrassed to admit that I sent the
"Bruker, Ohad" wrote:
Hello,
> I can give some more details of my problem, which turns to be really weird.
> It's still about client/server application that performs DSA authentication,
> DH key-exchange and 3DES symmetric encryption. This application is deployed
> on several platforms (at the m
It's ok, we all make mistakes. I've had similar bugs, probably 3 dozen
times, with various amounts of time to find them.
Joe
- Original Message -
From: "Bruker, Ohad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 2:09 PM
Subject: RE: symmet
Patrick Li wrote:
>
> Thanks for the information. Does that mean there is no longer restrictions
> on using any of the cipher suites specified by TLS or SSL outside of the US?
There never were restrictions on _using_ them, only on exporting.
> Sorry for a simple question. But is it still the
50 matches
Mail list logo
