I just think I found out what might be wrong here. When I looked over the
root cert and my cert with IE, my cert is missing the "Basic Constraints"
and "Key Usage" attributes.
The question is - is that something wrong I did when I generated the CSR, or
is it something that the cert-signer needs
Title: RE: Tru64 4.0f BN_sqr test fail
> From: Michael Wojcik
> The BN tests use bc to
verify their results. If the system's implementation of > bc is
buggy, some of the BN tests may produce false results. That was a problem
> on AIX 3, for
example. IME, it's best to get and use the
On 10/03/01 02:17 PM, Neulinger, Nathan sat at the `puter and typed:
> I went had generated a csr from ca.key, sent it to UM System, had them sign
> it, brough it back, put it in certificate-chain-file on a httpd server, and
> also used ca.key and the new cert to sign a csr for that web server. (I
Today, I've obtained Crypt::SSLeay module version 0.32. And, it looks
like very promising to the problem that has given me so much headache.
Our iPlanet proxy server is so picky that it would not recognize
VeriSign's issued CA as a valid CA. So, my script which relies on LWP
will fail to connect
> It has probably not be signed as a CA certificate, just as a user
> certificate. OpenSSL rejects such certificates for security reasons.
Yep, figured out how to solve that.
> The x509 utility shouldn't crash though, see if this happens in OpenSSL
> 0.9.6b. If it still does can you send me the
openssl s_client -connect hostname:993
Will do what you need (presumably to test/debug).
-- Nathan
Nathan Neulinger EMail: [EMAIL PROTECTED]
University of Missouri - Rolla Phone: (573) 341-4841
Computing
No,
you can't telnet directly. When a client connects, the SSL handshake is
performed. Telnet knows nothing about SSL. Perhaps there is a telnet
over SSL program out there. Otherwise, I imagine that you could use
stunnel for the SSL and telnet via it.
-Original Message-From:
"Neulinger, Nathan" wrote:
>
> I went had generated a csr from ca.key, sent it to UM System, had them sign
> it, brough it back, put it in certificate-chain-file on a httpd server, and
> also used ca.key and the new cert to sign a csr for that web server. (I
> figured generating new certificates
From: Todd Williams <[EMAIL PROTECTED]>
Todd.Williams> Square test failed!
Todd.Williams> make: *** [test_bn] Error 1
You should find the file test/tmp.bntest, which contains what went
through bc. Perhaps some investigation of it would help?
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL
Title: RE: Tru64 4.0f BN_sqr test fail
> From: Michael Wojcik
> The BN tests use bc to verify their results. If the
system's implementation of > bc is buggy, some of the BN tests may
produce false results. That was a problem > on AIX 3, for
example. IME, it's best to get and use the Gnu
Hi
I wanted to know if the implementation of SSL can work
on TOP of a SCTP transport layer protocol.
OR is there any implementation of SSL which anyone
knows of which works on top of SCTP instead of TCP..
Thanks
Dilip Patel
[EMAIL PROTECTED]
=
Live For Today & not for Tomorrow...
As Tomor
Hello,
I have compiled and run a demo program that encrypts a string of text
and sends it across a socket connection where it is encrypted. This is
obviously using the ssl.h library.
What I need to do is change the encryption from DES to 3DES.
I cannot yet figure out where to do this. Is there
The iPlanet database files which contain the certificates are in the alias
directory under your iPlanet installation, and they have names ending in
key3.db and cert7.db. If they are renamed to key3.db and cert7.db and put
under your .netscape directory, you can use a Netscape browser to export
ce
Thank you for all answers.
Best regards
Lukasz Jazgar
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Lukasz Jazgar wrote:
>
>
> I use iPlanet Webserver. Every instance of this server manages its own
> secure database of keys/certificates. Key pairs are generated internally
> by server and there is no possibility to import them from file.
>
The key pairs and certificates of Netscape servers ar
Hey everyone..
I am using the following:
machine 1: Linux 2.4.8 (RedHat 7.1 with new kernel)
machine 2: Solaris 8
packages on both machines:
openssl version 0.9.6
perl 5.6.0
Crypt::SSLeay 0.31
LWP 5.53
And I have the following code in a script:
On 10/03/01 09:03 PM, Lukasz Jazgar sat at the `puter and typed:
> Louis LeBlanc wrote:
>
> . . .
>
> I use iPlanet Webserver. Every instance of this server manages its own
> secure database of keys/certificates. Key pairs are generated internally
> by server and there is no possibility to impo
I went had generated a csr from ca.key, sent it to UM System, had them sign
it, brough it back, put it in certificate-chain-file on a httpd server, and
also used ca.key and the new cert to sign a csr for that web server. (I
figured generating new certificates for the servers isn't that big a deal
Lukasz Jazgar wrote:
> I use iPlanet Webserver. Every instance of this server manages its own
> secure database of keys/certificates. Key pairs are generated internally
> by server and there is no possibility to import them from file.
Are you sure the database isn't a DER-encoded PKCS11 or PKCS1
Louis LeBlanc wrote:
>
> On 10/03/01 05:35 PM, Lukasz Jazgar sat at the `puter and typed:
> > Another question. How to create 2 certificates with the same name?
> > I need them for 2 web servers running on one computer with only one DNS
> > name.
> > Any advice?
>
> I assume these servers are li
why don't you just give the same cert to both of them? After all, they have the same
name...
> -Original Message-
> From: Lukasz Jazgar [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 03, 2001 11:36 AM
> To: [EMAIL PROTECTED]
> Subject: 2 certs with same name
>
>
> MindTerm wrote
You need to follow -engine with a specific hardware engine (e.g. -engine
cswift, -engine chil, or -engine atalla). You also have to have the
hardware accelerator installed that goes with the engine that you are trying
to use.
Lynn Gazis
Rainbow Technologies
-Original Message-
From: Lali
On 10/03/01 05:35 PM, Lukasz Jazgar sat at the `puter and typed:
> MindTerm wrote:
> >
> > Hi DS,
> >
> > CA have a database to keep check the ceriticates
> > which she issued. She can't create a new ceriticate
> > with the name already existing in database.
> >
> > M.T.
>
> Hi,
>
> Another
Hi ,
I was wondering how to use the '-engine openssl' option. I'm trying it and
it says : Error : bad option or value.
thanks ,
Sylvain Laliberté
Kontron Communications Inc.
Concepteur logiciel - Software designer
__
OpenSSL
Hi,
I'm decrypting a string (test12345678) found in an input-file.
When I decrypt using two file-BIO's (in the following code-extract this means
replacing out=BIO_new(BIO_s_mem) by out=BIO_new(BIO_s_file) and a
BIO_write_filename(out,outf) ), then the outputfile contains the full decrypted str
MindTerm wrote:
>
> Hi DS,
>
> CA have a database to keep check the ceriticates
> which she issued. She can't create a new ceriticate
> with the name already existing in database.
>
> M.T.
Hi,
Another question. How to create 2 certificates with the same name?
I need them for 2 web servers r
Hey guys,
Sorry if this has been answered already. I'm using LWP to post data to a
https server. The client cert and key is passed properly and the server
verify's me fine when I submit my POST, but I always get the following
warning header from LWP/Protocol/https.pm: "Client-SSL-Warning: Peer
H i ,
I have a simple
query .
I have installed
IMAP-SSL . I have configured it on netscape and outlook express. It is
working fine.
What I want to know
is :
Can I directly
telnet to port 993 ? "telnet 993 " . (As we can do
for port 143 & 110 for IMAP & SSL respectively )
When I t
I'm having trouble with the stability of OpenSSL with Apache on Win32.
OpenSSL 0.9.6, mod-ssl 2.8.2, Apache 1.3.19.
Looks to me like ssl_io_suck_read is following the actx pointer
after the pool has been freed. This would not be a problem on
UNIX where there's only a single thread. It's a probl
cc
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Title: RE: Tru64 4.0f BN_sqr test fail
> From: Marchelm Bomers [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 02, 2001 9:01 PM
> cc -o bntest -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -std1 -tune host
> -O4 -readonly_strings bntest.o -L.. -lcrypto
> ld:
> Unresolved:
> BN_CTX_init
> BN_
Dear all,
Sorry to send the similar email again. I am quite frustrated here. I wish to
decode a big chunk of data array with Blowfish (key size 16 bytes), ECB
mode, and 1024 bytes block by block, like the following picture
|--|
|Big chunk of data |
|--
Hi
Why can I telnet to
port 993 !!!
Typical. I searched the archives, and didn't find anything.
Posted the message here, searched archives in the meanwhile again with other
query strings - and lo there was the answer.
So disregard my previous message, and sorry for bothering.
Attila.
smime.p7s
"make" fails on my SPARC based Solaris8, the relevant part of the output is
shown below.
The basic problem is that ld as called by the gcc complains about illegal
options and a duplicated -o option.
My suspects are the --whole-archive and --no-whole-archive options to gcc,
but I don't know what sh
On Wed, Oct 03, 2001 at 08:04:07AM -0700, John Kolvereid wrote:
>
> Hi,
> I am trying to install mod_ssl-2.8.4-1.3.20 on my RedHat 6.2
> system. I have installed openssl-0.9.6b in my /usr/local/openssl. In
> order to install mod_ssl I must point to my Apache source directory:
> conf
Hi,
I am trying to install mod_ssl-2.8.4-1.3.20 on my RedHat 6.2
system. I have installed openssl-0.9.6b in my /usr/local/openssl. In
order to install mod_ssl I must point to my Apache source directory:
configure --with-apache=DIR
However, I can't find it. I tried /usr/lib/apache w
Dear all,
Sorry to bother you. I wish to encrypt a big chunk of char array (like
3000bytes) using a symmetric key (for example Blowfish 16 bytes)... However
I am not sure how to do that...
Could you please help me out?? I really need your expertise for this issue.
Thank you very much.
Wish you
40 matches
Mail list logo
