The recently published SNMP vulnerabilities are mostly ASN.1
vulnerabilities. Has anyone reviewed the ASN.1 code, and OpenSSL's usage
thereof, to see if there are any issues?
--
Carson Gaspar - [EMAIL PROTECTED]
Queen Trapped in a Butch Body
___
Hi Damian,
This won't be possible. The Verisign certificate in your MS browser is a public
root certificate, and you would need the corresponding private key to sign any
certificates. Do not expect Verisign to hand over this private key to you!
What you could do is to place your own public roo
On Thu, 28 Feb 2002, Hasnain Mujtaba wrote:
> Which PKCS format does the output of openssl command "genrsa" conform
> to? I want to store the private key in a Java Keystore. To do that, I
> need to first convert the encoded private key bytes into a KeySpec. I
> use PKCS8EncodedKeySpec class to
In article <[EMAIL PROTECTED]> you wrote:
> My Exim at home told me:
>
> 2002-02-27 00:26:47 16fqYW-8y-00 world.openssl.org [129.132.7.153]: Connection
>refused
> 2002-02-27 00:26:47 16fqYW-8y-00 == [EMAIL PROTECTED] T=remote_smtp
>defer (111): Connection refused
>
> Hmmm, are they
Hi
Which PKCS format does the output of openssl command “genrsa”
conform to? I want to store the
private key in a Java Keystore. To
do that, I need to first convert the encoded private key bytes into a
KeySpec. I use PKCS8EncodedKeySpec
class to encode PKCS8 keys but can’t use this c
I'm rather new to the SSL world, but I have a simple issue. I paid big $$$
to Verisign for a Certificate for my web server. It seems to me that the
only reason I had to pay big $$$ is because Microsoft lists Verisign as a
Trusted CA. Since Microsoft won't list me as a trusted CA, can I do the
f
Title: REMOVE
REMOVE
See manual for "openssl x509".
Use "-inform DER" and "-outform PEM". Think, it helps.
Regards, Steffen
> -Ursprüngliche Nachricht-
> Von: Craig A Lewis [SMTP:[EMAIL PROTECTED]]
> Gesendet am: Donnerstag, 28. Februar 2002 19:17
> An: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Betreff:
Hello does calling SSL_Connect mean that i would
not have to call the TCP Connect
-SIGTERM
amit
That's pretty serious. Can you provide the certificate so that Verisign can
respond? I'd like to know what's going on. Their certificates are worth
nothing if their procedures can't be trusted.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PRO
Well, it was worth a try. ;)
Time to fork over the 200 large or whatever it is to become a CA. (I'm from
Chicago, we talk like that).
- Original Message -
From: "Rich Salz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 28, 2002 8:31 PM
Sub
> I want to issue certs off the purchased cert so that I don't have to keep
> purchasing them. Is this possible, and, Kevin, is this Legal?
It is possible; you can use the cert as a CA cert.
Is it legal? Probably, it depends on what is in the agreement you have
with Verisign.
Will it work? No
secuser wrote:
>
> I, I am using Mandrake 8.0. Here is my problem:
>
> Hello, I run Linux Mandrake 8.0 on an i586 system. When trying to install
> python2.1-2.1.2-1.i386.rpm I recieve the following messages:
That's not the python package that comes with Mandrake 8.0.
If you're trying to insta
As I said, payment was made via wire transfer, and the email address was
free, there are a lot of free sites out there. However, this was only an
experiment of sorts. Every cert I have registered, has beed verified, for
business reasons. The question remains however,
> Can I do the following?
Thanks. ActivePerl seemed to do the trick.
-Original Message-
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 28, 2002 2:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Win32 compile
Jonathan Augenstine wrote:
>
> I had no problems compiling on Solaris but I have bee
Hallo Bogusław,
Am 2002-02-26 um 22:30 schriebst du:
> How to make HTML documentation from POD files ?
pod2html comes with perl.
Once you have converted all to single html files you can make a big
CHM package out of it.
> Or maybe current documentation in HLP CHM or PDF files exists?
Sure, I
I, I am using Mandrake 8.0. Here is my problem:
Hello, I run Linux Mandrake 8.0 on an i586 system. When trying to install
python2.1-2.1.2-1.i386.rpm I recieve the following messages:
error: failed dependencies:
libcrypto.so.2 is needed by python2.1-2.1.2-1
libdb-3.2.so
Hallo Bogusław,
Am 2002-02-26 um 19:06 schriebst du:
> Another problem is documentation . I know that it is in POD format but how
> to make it in HTML ?
> I did probe to make it with pod2html perl script (included in ActivePerl
> distribution) but without success.To many errors is produced and I
Hallo openssl-users,
2002-02-27 00:26:47 16fqYW-8y-00 world.openssl.org [129.132.7.153]: Connection
refused
2002-02-27 00:26:47 16fqYW-8y-00 == [EMAIL PROTECTED] T=remote_smtp defer
(111): Connection refused
Hmmm, are they using Orbs or some other service? Why is posting for
subscri
REMOVE
Mads Rasmussen wrote:
>
> Hi there,
>
> A question about certificates:
>
> In the rfc 2459 definition of the crl format
>
> 5.1 CRL Fields (page 42)
>
> TBSCertList ::= SEQUENCE {
>
> .
> .
> .
>
> revokedCertificate SEQUENCE OF SEQUENCE
> {
> userCertificate Certif
Jonathan Augenstine wrote:
>
> I had no problems compiling on Solaris but I have been having problems
> on Win2000. I am using the perl from cygwin to run Configure and that
> appears to complete successfully (no problems reported and it reports
> that it is configure for VC-WIN32). But when I
>
>According to the SSLBUILD file from the imapd docs, the pop3 server
>expects the certificate to be named "ipop3d.pem".
Yep, it works.
It does leave me with an additional question though - is it possible to
combine two certificates into one ipop3d.pem file, so that I can allow vpop
as well
I had no problems compiling on Solaris but I have been having problems
on Win2000. I am using the perl from cygwin to run Configure and that
appears to complete successfully (no problems reported and it reports
that it is configure for VC-WIN32). But when I run the ms\do_ms.bat I
encounter probl
I'm rather new to the SSL world, but I have a simple issue. I paid big $$$
to Verisign for a Certificate for my web server. It seems to me that the
only reason I had to pay big $$$ is because Microsoft lists Verisign as a
Trusted CA. Of course, the reason for this is so Verisign can "Identify"
>
>According to the SSLBUILD file from the imapd docs, the pop3 server
>expects the certificate to be named "ipop3d.pem".
>
>Nalin
Thanks Nalin - looks like it works :-)
__
OpenSSL Project http:/
Erwann ABALEA wrote:
> Notice that you used the -sign argument, to *sign* your data. Therefore,
> it *seems* to be encrypted (i.e. you can see garbage in your data.enc
> file).
Yes, I know I use method meant for signatures only... That is
exactly why I'm asking if it is secure for encryption o
Title: RE: Extension in CRLs never used
They probably want to remain compatible with the old softwares.
Sorry for the attached files.
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Mads Rasmussen
Envoye : jeudi 28 fevrier 2002 16:13
A : [EMAIL
Hello,
I am running imap2001a and using openssl 0.96b on Sun Solaris 2.8. I have
generated a self signed cert using the method described in the openssl
SSLBUILD
document
The following command to openssl can be used to create a self-signed
certificate with a 10-year expiration:
req -new
Using the following code, I manage to add a lot of extensions to a
certificate.
X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *nval;
int ext_len;
unsigned char *ext_der;
void *ext_struc;
int ext_nid;
ASN1_OCTET_STRING *ext_oct;
Arthur Wongtschowski wrote:
>
> > Using the following code, I manage to add a lot of extensions to a
> > certificate.
> >
> >
> > X509V3_EXT_METHOD *method;
> > STACK_OF(CONF_VALUE) *nval;
> > int ext_len;
> > unsigned char *ext_der;
> > void *ext_struc;
> > in
> Using the following code, I manage to add a lot of extensions to a
> certificate.
>
>
> X509V3_EXT_METHOD *method;
> STACK_OF(CONF_VALUE) *nval;
> int ext_len;
> unsigned char *ext_der;
> void *ext_struc;
> int ext_nid;
> ASN1_OCTET_STRING *ext_oct;
James,
2002-02-28 13:22:36, du schriebst:
> What is the state of the union concerning building OpenSSL with Microsoft's
> C++ version 7? Has anyone done it, and if so, are there patches involved or
> does it just work?
I just tried out, fetched openssl-0.9.7-stable-SNAP-20020
the crlEntryExtensions can be used for the Reason Code (oid=
id-ce-reasonCode = 2.5.29.21)
reasonCode EXTENSION ::= {
SYNTAX CRLReason
IDENTIFIED BY id-ce-reasonCode
}
CRLReason ::= ENUMERATED {
unspecified(0),
keyCompromise(1),
cACompromise(2),
affi
<...crl entry extensions...>
> these fields are present but I cannot find one CRL as an example
http://www.tky.hut.fi/~toka/test-cx.crl
It is signed with http://www.tky.hut.fi/~toka/test-cx.p8
(plain PKCS#8).
//toka
Vegetables are murder.
I am trying to create a 'ContentInfo' object, but I do not find any file in
which this object is defined. There are no object called "ContentInfo",
"Content_Info", "PKCS7_ContentInfo"...
Where can I find it?
Thanks in advance.
Mateo.
__
36 matches
Mail list logo