Adding a name to the certificate

2001-11-21 Thread Hylton Tregenza
Hi, I'm looking for what the parameters for X509_NAME_ENTRY_create_by_NID mean. I can see what they are in the source code but is there a site where the function(s) for creating a certificate is explained? After a search on X509_NAME_ENTRY_create_by_NID using Google, no reference to the open

Re: any SMIME v3

2001-11-21 Thread wooce
It is said that openssl only supports SMIME v2, but you can try http://www.getronicsgov.com/hot/sfl_home.htm , it supports SMIME v3. Hope it will help. Wooce - Original Message - From: "viswanath" <[EMAIL PROTECTED]> To: "openssl users" <[EMAIL PROTECTED]> Sent: Wednesday, November 21

RE: questions about CRL check

2001-11-21 Thread Ryan Hurst
Wooce -- Outlook's support of revocation checking is done through CryptoAPI, see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/WinXPPro/support/tshtcrl.asp to better understand how chaining and status determination is done. As for its OCSP

any SMIME v3

2001-11-21 Thread viswanath
hey guys, I want to know if openssl or any other toolkit supports smime v3. Would be nice if u could send the links. thanx, vish.

Re: https

2001-11-21 Thread Keary Suska
Yes, I am probably mistaken in that regard about the status of Net::SSLeay. I believe it was actually shelved for a while, and then picked up again, but this was some time ago and memory may not serve me. In any case, the issue is not operability with openssl, but with LWP. And as you can see from

Re: questions about CRL check

2001-11-21 Thread wooce
Thanks to Leon and Juan. Maybe it should be OCSP (Online Certificate Status Protocol) instead of OSPF. When you choose "Tools"->"Options"->"Security"->"Advanced" in Outlook Express, there's an option about revocation checking; you can choose between "only when online" or "never". If you choose "onl

RE: dont want private key of the client in the ldap

2001-11-21 Thread Sarath Chandra M
Steve, Could you please let me know the exact openssl commands for generating the CA cert and Client certs, both without compromising the private keys. As u told, CA's private key is sent to everyone in the following method. But I co

Qnx 6

2001-11-21 Thread wrat
I hope this isn't inappropriate for this list. This minor change in Configure allows openssl-0.9.6b to build on qnx 6.1.0. *** Configure.orig Mon Jul 9 10:08:37 2001 --- Configure Wed Nov 21 15:37:59 2001 *** *** 322,327 --- 322,330 # QNX 4 "qnx

Re: https

2001-11-21 Thread Marko Asplund
On Wed, 21 Nov 2001, Keary Suska wrote: > ... > It's your choice which to use, though the read me states that Net::SSLeay > doesn't directly support LWP, so I imagine you will get better results with > LWP if you use the library recommended by the author. yes, this choice is a matter of opinion

Re: https

2001-11-21 Thread Marko Asplund
On Tue, 20 Nov 2001, Keary Suska wrote: > ... > I would recommend that you remove Net::SSLeay and install Crypt::SSLeay. The > former is no longer being maintained (and is considered deprecated), and may > not function properly with newer openssl versions, but the latter is being > actively maint

Creating a self-signed Digital Certificate for Outlook.

2001-11-21 Thread CashCan
What are the steps for making a self-signed digital certificate that Outlook likes? I am trying to create a digital signature using a self-signed CA and Outlook keeps telling me that I have an invalid format. The procedure I'm following is below. In summary, I create my self-signed CA, I create

RE: questions about CRL check

2001-11-21 Thread ZILBER,LEONID (HP-NewJersey,ex1)
X.509 certificate does NOT contain ANYTHING related to CRL. But X.509 contains a serial number which WILL be included in VeriSign issued CRL list in case the certificate was revoked. http://onsitecrl.verisign.com/ is the site where you can check if your certificate was revoked. Put serial number

Re: questions about CRL check

2001-11-21 Thread Juan Carlos Albores Aguilar
It seems like there's a problem in concepts, a certificate cannot contain a CRL, but a CRL can contain one or more certificates. Considering that, a certificate cannot even be sure to be contained in a CRL, that can only be known by checking the CRL. Regarding your second question, a certificate can

Re: Installation problem with OpenSSL..

2001-11-21 Thread Keary Suska
If I would offer my best guess, I would say that your openssl libs were compiled for a CISC architecture (such as Intel), the key words "586" and "little endian" giving clue. I can't imagine how if you compiled the openssl libs yourself, but it could happen if you installed an RPM built for CISC.

RE: Win32 Hair Loss

2001-11-21 Thread Peter Sylvester
There may be a problem with the random generator code. The source has some specific treatment for win2000 and performance counter stuff, it seems that actually you can have the problem also on nt machines, it seems that this depends on what kind of software you have installed.

Re: RPM & Source code version

2001-11-21 Thread Joe Orton
On Thu, Nov 22, 2001 at 01:44:57AM +0800, Lim Kwang Eng wrote: > Anyone knows how to install Redhat 7.2 RPM version of openssl over the > Redhat 7.1 RPM version openssl? You need to get the openssl096 compatibility package; ftp://rpmfind.net/linux/redhat/7.2/en/os/i386/RedHat/RPMS/openssl096-0.9

Re: https

2001-11-21 Thread Keary Suska
Your CPAN is out of date. The current Crypt::SSLeay version is 0.35. Additionally, LWP recommends Crypt::SSLeay (see README.SSL in the source tree). I had problems in the past with both Net::SSLeay and Crypt::SSLeay installed when using LWP, which is why I recommended removing it. It's your choic

Re: RPM & Source code version

2001-11-21 Thread Lim Kwang Eng
Anyone knows how to install Redhat 7.2 RPM version of openssl over the Redhat 7.1 RPM version openssl? It seems that even if I do this rpm -Fvh --nodeps openssl-0.9.6b-8.i386.rpm there will be some ssl library files missing when I launch KDE or some other apps. Thanks Joe Orton wrote: > On Tu

Re: Errors in Apache

2001-11-21 Thread Laurent Jouannic
Hi Mark "Nazzaro, Mark (Mark)" wrote: > We are getting the following error messages in our Apache error_log: > [Wed Nov 21 08:43:40 2001] [error] mod_ssl: SSL handshake failed (server > mylucent.web.lucent.com:443, client 135.103.93.70) (OpenSSL library error > follows) > [Wed Nov 21 08:43:40 20

Errors in Apache

2001-11-21 Thread Nazzaro, Mark (Mark)
We are getting the following error messages in our Apache error_log: [Wed Nov 21 08:43:40 2001] [error] mod_ssl: SSL handshake failed (server mylucent.web.lucent.com:443, client 135.103.93.70) (OpenSSL library error follows) [Wed Nov 21 08:43:40 2001] [error] OpenSSL: error:27066221::lib(39) :func

RE: RPM & Source code version

2001-11-21 Thread John . Airey
>-Original Message- >From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]] >Sent: 20 November 2001 19:42 >To: [EMAIL PROTECTED]; [EMAIL PROTECTED] >Subject: Re: RPM & Source code version > > >From: Eric Daigneault <[EMAIL PROTECTED]> > >scouby> At 03:40 PM CN=a2011in.O=acv0111 +00

Re: Setting CA cert for verification.

2001-11-21 Thread Lutz Jaenicke
On Wed, Nov 21, 2001 at 04:39:52PM +0530, Krishnaswamy R. wrote: > I am working on a TLS client using OpenSSL on VxWorks. > I need to do server authentication. The openssl function > SSL_CTX_load_verify_locations() takes a file as a > parameter for the CA certificate. In my application, there is >

Re: Identifying peer cert in verify_callback

2001-11-21 Thread Lutz Jaenicke
On Wed, Nov 21, 2001 at 06:17:21PM +0530, Krishnaswamy R. wrote: > I am using a certificate verification callback function as follows > > SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cert_verify_cb); > > In the callback function, in addition to the standard certificate > verification done by Open

FW: is there any ssl opensource implemented using cdsa available?

2001-11-21 Thread Prashant Kumar
Hello Group, Resending, somehow it didn't go through the first time. Regards, Prashant. http://developer.intel.com/ial/security/documentation.htm Look for "Integrating CDSA into OpenSsl" [It is in PDF format] in the "white papers" section. Also look for "SSL and CDSA" in "presentations" section

RE: SMTP server questions

2001-11-21 Thread Neff Robert A
Here are some RFC's containing security discussions regarding SMTP that you might find helpful: http://www.ietf.org/rfc/rfc2449.txt http://www.ietf.org/rfc/rfc2487.txt http://www.ietf.org/rfc/rfc2554.txt http://www.ietf.org/rfc/rfc2595.txt -Original Message- From: Eric Daigneault [mailto

Re: CRL adds 00 to the certificate serial number

2001-11-21 Thread Erwann ABALEA
On Wed, 21 Nov 2001, Lugeon Blaise wrote: > Everything works fine, except for some serial number: If a my serial number > starts with a number higher than 7, OpenSSL adds 00 before it. > > Ex: > > 7FF5A2 -> 7FF5 A2 : Correct > 8FF5A2 -> 008F F5A2 : Incorrect > FFF5A2 -> 00FF F5A2 : Incorre

Re: [Fwd: SSL not listening.- Need Help]

2001-11-21 Thread cdowns
I obviously had a brain lapse :) Never copied over new httpd.conf-dist, thanks for saving me ! Man, I'm glad we have 4 days off this week ! Have a good T-Day and some Sam Admins to boot. Thanks to all who replied ! -D Cdowns wrote:

Re: SMTP server questions

2001-11-21 Thread Eric Daigneault
Hi, For authentication-issues, you should start at www.linuxsecurity.com, they have a good security-discuss list ! At 10:13 AM CN=111553.OU=Pa01LŠ +0100, you wrote: >Hi All, > >I know this is not the place to ask this question but I need to start >somewhere. > >I'm in the middle of implement

Re: pkcs12 seems to export keys even if -nokeys is used

2001-11-21 Thread Erich Titl
Hi Steve At 12:48 21.11.2001 +, you wrote: >You can't use a PKCS#12 file to import a CA certificate only into a >browser. Read the FAQ for more info. Sorry if this was pure RTFM Erich

Identifying peer cert in verify_callback

2001-11-21 Thread Krishnaswamy R.
Hi all, I am using a certificate verification callback function as follows SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cert_verify_cb); In the callback function, in addition to the standard certificate verification done by OpenSSL, I need to check the subject-name of the peer certificate. Since

Re: pkcs12 seems to export keys even if -nokeys is used

2001-11-21 Thread Dr S N Henson
Erich Titl wrote: > > Hi Folks > > This refers to openssl 0.9.6b > > I try to export a cacert to a pkcs12 file using > > openssl pkcs12 -export -inkey RufCA/private/cakey.pem -out cacerts.p12 > -cacerts -nokeys -name "Ruf CA Certificate" < RufCA/cacert.pem > > Maybe I haven't fully understood

Setting CA cert for verification.

2001-11-21 Thread Krishnaswamy R.
Hi all, I am working on a TLS client using OpenSSL on VxWorks. I need to do server authentication. The openssl function SSL_CTX_load_verify_locations() takes a file as a parameter for the CA certificate. In my application, there is no standard file system and I have the CA cert (DER form) in memory

CRL adds 00 to the certificate serial number

2001-11-21 Thread Lugeon Blaise
Dear, I have some trouble with CRL creations and some certificates serial number. I wrote some code using OpenSSL 0.9.6 to create and sign a CRL. I can specify the serial number (hex) of the certificates which I want to revoke. Everything works fine, except for some serial number: If a my seria

Re: RPM & Source code version

2001-11-21 Thread Joe Orton
On Tue, Nov 20, 2001 at 03:40:32PM +, [EMAIL PROTECTED] wrote: > Hi Sirs, > > I'm running RedHat 7.1 with kernel 2.4.3-12 on my Intel P3 866 system. > Recently, I just removed the openssl package that came with RedHat 7.1 > and I installed the source package from the openssl website. After

ERROR VALIDATE CERTIFICATE

2001-11-21 Thread Lidia Castillejo
Hi, I create a certificate request to CA with keytool (JDK tool) keytool -certreq -alias firmacliente -file reqclien.csr -keystore cliente I export to file in CA path (copy ...). I will validate the reqclien.csr And then I execute: Openssl ca -in reqclien.csr -verbose And then

SMTP server questions

2001-11-21 Thread Ulrichts Erik
Hi All, I know this is not the place to ask this question but I need to start somewhere. I'm in the middle of implementing event-sinks for a SMTP-server. Where can I ask some technical questions concerning authentication-issues. Thank you very much for the

pkcs12 seems to export keys even if -nokeys is used

2001-11-21 Thread Erich Titl
Hi Folks This refers to openssl 0.9.6b I try to export a cacert to a pkcs12 file using openssl pkcs12 -export -inkey RufCA/private/cakey.pem -out cacerts.p12 -cacerts -nokeys -name "Ruf CA Certificate" < RufCA/cacert.pem Maybe I haven't fully understood this but the -nokey should prevent the

Re: Installation problem with OpenSSL..

2001-11-21 Thread Erich Titl
Hi At 10:08 21.11.2001 +0100, you wrote: >PS: I had mounted the sources required for the OpenSSL for my PowerPC from >a PC, where already a pre-complied version of openSSH and OpenSSL were >existing. > >Your's sincerely, >Suja. > >Output: > File in wrong format: failed to merge target specifi

Installation problem with OpenSSL..

2001-11-21 Thread Sujatha Mukunthan
Dear OpenSSL team, I am a user of "OpenSSH" and when I try to self-compile openssh for my PowerPC, it needs also the OpenSSL libraries. So, due to the above reasons, I had to also get OpenSSL installed on my powerPC in order to get a running version of openSSL. But during the installation (at

HowTo extract publickey and privatekey

2001-11-21 Thread Poong Zui Yong
Hi, I am a newbie to openssl. How can I extract the publickey and privatekey... when I have xx.p12 and xxx.cer. Could you give an example? Thanks in advance. Aqualic, [EMAIL PROTECTED]

RE: more inetd trouble

2001-11-21 Thread Hylton Tregenza
Hi I have come into this thread a bit late. Having just completed Inetd.d /openssl I might be able to help but I do not have the original question. Inetd uses stdin and stdout (0,1). I have noted that any debugging information (printf etc) sent to these ports interferes with the communication. I