On Mon, Jul 16, 2001 at 04:21:17PM -0700, Sejin Choi wrote:
> But what I wanted to know was how to generate a CA file which is the second
> argument for the SSL_CTX_load_verify_locations you mentioned.
> Could you please help me on this?
The CA file is the concatenated list of CA certificates in
You can generate a CA certificate file using `openssl req` command. This will
be basically self signed certificate.
Example:
openssl req -new -newkey rsa:1024 -md5 -x509 -keyout cakey.pem -out
cacert.pem
Then generate the client or server certificate using cacert.pem and cakey.pem
files.
Re
Haya,
I am new to the list and forgive me if this question
had been asked before.
Could anyone instruct me the detail procedure (or a
website link) to incorporate self-developed
cryptography algorithms in OpenSSL enviroment
(different from those provided before as RC4 etc)? Has
SSL set special I
Hi,
is there s.o. who already encounter problems with "trusted" and normal
certificate request with 0.9.6 ?
is the trusted and untrusted certificates compatible with this version ?
how create a trusted certificate request in a C code ?
how to read a not "trusted" certificate request ?
Is it
From: "Norman Zhang" <[EMAIL PROTECTED]>
nzhang> But why is the default certificate that came with Linux
nzhang> Mandrake 8.0 box has the private key in it? And it works;
nzhang> however, if use the ones that I created myself, the connection
nzhang> times out after a long delay.
Ah, the file tha
On Mon, Jul 16, 2001 at 06:16:36PM -0700, Nilesh Vaghela wrote:
...
> /*/
> All the above code works fine but when it comes to
> accept a conenction if client generates SSLv3 reqiest
> I get no proble but if it generates SSlv2 (40-bit
> encryption) I am gett
On Tue, Jul 17, 2001 at 02:45:57PM +1000, Damitha Bogahawatta wrote:
> openssl req -new -newkey rsa:512 -md5 -x09 -keyout cakey.pem -out
> cacert.pem
>
> Then created server and client certificates and signed them using CA's
> private key. But when I use these certificates I am getting three erro
hi
> Hmm. When you perform SSL_new(), you should see (openssl/ssl/ssl_lib.c:232):
> s->options=ctx->options;
>
> I don't really see what should go wrong at this point.
> Lutz
Yes you are right (i forgott the check the return value of SSL_connect()
and so SSL_get_version returned wit
Alan Love wrote:
>
> Haya,
>
> I am new to the list and forgive me if this question
> had been asked before.
>
> Could anyone instruct me the detail procedure (or a
> website link) to incorporate self-developed
> cryptography algorithms in OpenSSL enviroment
> (different from those provided bef
stef wrote:
>
> Hi,
>
> is there s.o. who already encounter problems with "trusted" and normal
> certificate request with 0.9.6 ?
>
> is the trusted and untrusted certificates compatible with this version ?
>
> how create a trusted certificate request in a C code ?
> how to read a not "trus
On Tue, Jul 17, 2001 at 08:36:47AM +, skyper wrote:
> printf("FIRST ssl_connect: %d\n", SSL_connect(ssl));
> printf("ssl version:%s\n", SSL_get_version(ssl));
> SSL_clear(ssl);
> SSL_free(ssl);
> /* tcp connection is still established...good */
> /* we do not free c
Hi guys
Does anyone know how to access the windows local computer store to obtain
the certificate and the private key or at least how this is stored so I can
gain access to it.
If thats a bit hard to work out whats the best way to store a users private
key on the system. I know that user keys h
I was looking at the relevant openssl code where it verifies client
certificate. I fugured out that it creates a STACK_OF x509 cert store and
pushes client certificate to it. It then passes this stack to a verify
function which verfies the whole cert chain against s->ctx->cert_store. I
was unabl
On Tue, Jul 17, 2001 at 11:13:04AM -0400, Imran Badr wrote:
> I was looking at the relevant openssl code where it verifies client
> certificate. I fugured out that it creates a STACK_OF x509 cert store and
> pushes client certificate to it. It then passes this stack to a verify
> function which v
I want to add an Object ID to certificates, to offer a unique user id which
will show up in the Subject field of the Certificate.
In this case I have chosen the OID from the original X500 tree
0.9.2342.19200300.100.1.1 as user id.
Having read the documentation (but perhaps not understanding it a
Ok, thanks a bunch. I got that working, and found what appears to be a
decent number of memory leaks. I know my application is leaking memory,
but the output i'm getting isn't really of much use to me. Could anyone
assist me in interpreting the snippet of output I've attached below.
There is m
does OpenSSL automatically resume SSL sessions on server side if the same
SSL_CTX object is used for all the client connections? or are some steps
required to enable session resumption?
what about on the client side? i've gotten the impression that the client
application needs to keep track of s
On Tue, Jul 17, 2001 at 10:10:32PM +0300, Marko Asplund wrote:
> does OpenSSL automatically resume SSL sessions on server side if the same
> SSL_CTX object is used for all the client connections? or are some steps
> required to enable session resumption?
The server automatically supports session
I don't know if you're writing a client or a server, but I'll just
describe what I did:
- hack up your code with some conditional memory debugging stuff such
that it accepts (or connects) a fixed number of times and then
calls CRYPTO_mem_leaks_fp() and exits.
- run the program for one connect
Hello,
I'm writing this from a Mac OSX system and I just got a good compile and
install of SSL 0.9.6b on this system but have a comment/update to make.
Rather than remove these 2 files and 2 sym-links, I just compressed them
as I didn't know weather or not I would need them in the future.
But an
"C. Gould" wrote:
>
> Ok, thanks a bunch. I got that working, and found what appears to be a
> decent number of memory leaks. I know my application is leaking memory,
> but the output i'm getting isn't really of much use to me. Could anyone
> assist me in interpreting the snippet of output I
"McAlister, Keith" wrote:
>
> I want to add an Object ID to certificates, to offer a unique user id which
> will show up in the Subject field of the Certificate.
>
> In this case I have chosen the OID from the original X500 tree
> 0.9.2342.19200300.100.1.1 as user id.
>
> Having read the docume
Hello,
Please correct me if I'm wrong, but I'm under the general impression that
when accessing a secure site, client-server authentication is done via RSA
using 1024 bits and once authentication is established, web page encryption
is done with some other method using 128 bit. I'm interested in ve
Hi, I am interested in starting an on-line casino. I need to know what you
guys recommend as far as programming, programers, links, security issues,
etc.. I know that this will be expensive to develop, but have the money
available for a super on line casino and web site.
Please let me know,
[EMAIL PROTECTED] writes:
> Please correct me if I'm wrong, but I'm under the general impression that
> when accessing a secure site, client-server authentication is done via RSA
> using 1024 bits and once authentication is established, web page encryption
> is done with some other method using 12
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm trying to establish an sshv2 connection with a FreeBSD box. The
machine is running FreeBSD 4.3-stable and the sources were last
updated two days ago and the machine has undergone a complete
recompile (make [build|install]world; make [build|inst
Thanks Richard. Your post does clarify much of my confusion. But I am still
stuck in concatenating the certificate with the private key. I first create
a self signed cacert.pem using,
> openssl req -newkey rsa:1024 -x509 -keyout cacert.pem -out cacert.pem
Then I created CA directories and files,
Hello Folks
where is good place to go to read about
US export restrictions of security software( OpenSSL..etc)
Thanks
Carlo
-
Carlo Villongco
Security Engineer
Critical Path Inc.
Email: [EMAIL PROTECTED]
> Hello Folks
>
> where is good place to go to read about
> US export restrictions of security software( OpenSSL..etc)
>
> Thanks
> Carlo
The best place to go is the horse's mouth:
http://www.bxa.doc.gov/Encryption/Default.htm
DS
As the other two Stephen commented, look for the top-most structures, that
is the higher-level structures that contain other structures. From your
output below, it looks like the top-most structure is the one allocated at
ssl_sess.c:114. This is the SSL_SESSION object allocated by
SSL_SESSION_ne
Hi, I was just curious.. when I sign a request and create a
certificate with the signing authority I created, does this create a 128
bit or 40 bit certificate? Is there any way to tell? I'm a bit confused
as I'm not sure if there's a relation to the fact that I used 1024 bits to
create t
31 matches
Mail list logo