Hi,
Iam a newbie to openssl, trying to implement a
single threaded server and client. Does openssl come
with a default session manager? if not is there any
known implementation of session manager? My
requirement is to re use the session id's up to a
configurable time limit, ex: 10minutes.
Than
Antonio Ruiz Martínez wrote:
>
> Rabellino Sergio wrote:
>
> > Antonio Ruiz Martínez wrote:
> > >
> > > Hello!
> > >
> > > Like I say in the subject
> > >
> > > How I can create a Cert Store?
> > >
> > > Thanks in advance,
> > > Regards,
> > > Antonio.
> > Are you thinking about the Java
Thanx for your reply. But about question 3. : which API returns "Peer cert
verify depth=2"? Which function returns the depth or where can I find it?
Once more TIA,
Robin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lutz Jaenicke
Sent: vrijdag 4 mei
Rabellino Sergio wrote:
> Antonio Ruiz Martínez wrote:
> >
> > Hello!
> >
> > Like I say in the subject
> >
> > How I can create a Cert Store?
> >
> > Thanks in advance,
> > Regards,
> > Antonio.
> Are you thinking about the Java Keystore (and certs... also)?
No, I'm thinking about
Antonio Ruiz Martínez wrote:
>
> Hello!
>
> Like I say in the subject
>
> How I can create a Cert Store?
>
> Thanks in advance,
> Regards,
> Antonio.
Are you thinking about the Java Keystore (and certs... also)?
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Scie
On Fri, 4 May 2001, Dilkie, Lee wrote:
> It is critical to get the initial seed with as much entropy as possible
yes, it's traditional way to keep openssl' PRNG happy.
However, "a random" inside "server hello" is sent in clear
and it may be appropriate to use low-quality clock-based source her
- Original Message -
From: "Erwann ABALEA" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 04, 2001 5:10 PM
Subject: Re: test vectors
>> Could someone tell me where I could find some test vectors for a DES in
CBC mode?
>The last one on the first page is also interesting:
It is critical to get the initial seed with as much entropy as possible and because
you are the OS vendor I don't believe you can do it yourself. I think it's up to the
end users to provide the seed. In the case of small embedded systems, it's a design
issue, to provide the required level of se
On Fri, 4 May 2001, Frédéric Viollet wrote:
> Hello,
>
> Could someone tell me where I could find some test vectors for a DES in CBC mode?
You could have looked for "DES test vectors" in a good web search engine,
such as Google. The second result gives you the URL:
http://csrc/nist.gov/cryptval
Lee,
unpredictable random numbers required for ssl client to set
pre-master secret, client key exchange message, rsa mode.
One can run a "reverse" solution with SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)
would th
Hi
I have got a doubt regarding the 3DES-CBC implementation in openssl. Is it
implementing OUTER CBC or INNER CBC mode.
Thanks and Regards
Ivan
__
OpenSSL Project http://www.openssl.org
User S
At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:
>The core question is what [it] takes to port it to an embeded system.
FWIW: my number one worry about porting SSL to an embedded system is where
I get my entropy. Because my company sells embedded OS's to end
developers, I need a general solution i
On Fri, May 04, 2001 at 02:56:33PM +0200, Robin Gorris wrote:
> I have some questions on the verification callback function. By the way, I'm
> using the SSL_VERIFY_PEER mode.
>
> 1. Is it best practice to put all the certificate checks in this callback
> function?
Yes, I would recommend doing so
Hi,
I am newbie to this group. I want to know more about keyEncipherment,
dataEncipherment, keyUsage, keyAgreement.
Can you please point to any documents or proper link to know the exact
definitions and usage.
Thanks in Advance.
Ravi
--
A man without a woman is like a statue without pigeons.
Hello,
Could someone tell me where I could find some test
vectors for a DES in CBC mode?
Thank you.
I have (possibly) a similar problem. But just for the sake of completeness, is anyone
aware of a port to VxWorks? If I could hook up with the poor sod that's been through
this before that would probably save my hair at least.
-lee
Hello!
Like I say in the subject
How I can create a Cert Store?
Thanks in advance,
Regards,
Antonio.
--
--
Antonio Ruiz Martínez
Facultad de Informática-Universidad de Murcia
30001 Murcia - España (Spain)
Telf: +34-968-364644 e-mail:
On Fri, 04 May 2001 21:58:44 +0900
RONDAN <[EMAIL PROTECTED]> wrote:
>
> On Fri, 04 May 2001 08:52:13 -0400
> "Gregg Gibson" <[EMAIL PROTECTED]> wrote:
>
> > My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des,
> > md5, and sha) and ssl for a web server (using rsa, 3des, a
I am also thinking about to port openssl to an embedded system and noticed the
the discussion.
What sizes have you come down to ? and does your embeded system have filestorage ?
fopen() or is the certificates
stored in char []?
The core question is what i takes to port it to an embeded system
Title: RE: how to create CRL with openssl?
Hi,
Very simply :
openssl ca -gencrl -config config_file -out out_file
Then if You want to change format to DER
openssl crl -in in_file -outform DER -out out_file
To first command You can add inf
On Fri, 4 May 2001 14:56:33 +0200
"Robin Gorris" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have some questions on the verification callback function. By the way, I'm
> using the SSL_VERIFY_PEER mode.
>
> 1. Is it best practice to put all the certificate checks in this callback
> function?
> 2. I
On Fri, 04 May 2001 21:55:21 +0900
RONDAN <[EMAIL PROTECTED]> wrote:
>
> On Fri, 4 May 2001 08:32:26 -0400
> George Lind <[EMAIL PROTECTED]> wrote:
>
> > How do you generate a CRL with the openssl tool?
> > Thanks,
> > George
> >
> > ___
Hi,
I have some questions on the verification callback function. By the way, I'm
using the SSL_VERIFY_PEER mode.
1. Is it best practice to put all the certificate checks in this callback
function?
2. Is it so that the number of times this function is called is equal to
the verification depth u
On Fri, 04 May 2001 08:52:13 -0400
"Gregg Gibson" <[EMAIL PROTECTED]> wrote:
> My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des,
> md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I
> will also use it for certificate generation.
>
> I'm going t
On Fri, 4 May 2001 08:32:26 -0400
George Lind <[EMAIL PROTECTED]> wrote:
> How do you generate a CRL with the openssl tool?
> Thanks,
> George
>
> __
> OpenSSL Project http://www.openssl.org
> Us
My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des,
md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I
will also use it for certificate generation.
I'm going to do some code and makefile editing to get rid of everything else
I can, which I think
How do you generate a CRL with the openssl tool?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
what would be the cause of:
./configure : ERROR : APACI
failed
???
This is happening when I run:
./configure \
--with-apache=../apache_1.3.19
\
--with-ssl=../openssl-0.9.6a
\
--prefix=/usr/local/apache
thankyou in advance,
john.
Hi all,
Can anyone help me pointing the steps to
be followed for client certificate verification in server.
regards,
Siva K
Hi all,
Can anyone help me where to find sample code for
"client certificate verification"
regards,
Siva K
Hmmm...
I've compiled it with the same solaris-version and the same compiler. I also
have not the sys/bitypes.h and sys/cdefs.h. What development-packages from
SUN do you have installed? Do you use any flags with ./compile?
Ralf Schwiete
--
Ralf Schwiete
Dresdner Global IT Services
Tel.: +4
Hi Marc,
thanks for your help ! The problem for me was to find a function which
switches the socket to nonblocking mode.
Found function ioctlsocket(m_hSocket, FIONBIO, &ulArg); with ulArg > 0. :-)
Thank you !!!
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Hello,
after I grep the whole include/ssl directory in the source-tree I had found
it.
Thankyou
>
> Use "chil" instead of "ncipher". The reason for this is that the
> interface used is called "CHIL" (C{something} Hardware Interface
> Library, IIRC, but nCipher folks will most probably have to
33 matches
Mail list logo