Hello,
I'm just not sure about somethingsay I generate
a certificate (a signed cert request using a self signed cert) and the resulting
certificate is newcert.pem. Will this newcert.pem contain both a private
and a public key? If so, can I extract the public key contents from this
.pem
Nicolas,
make sure that you compile your program so that it uses the correct
runtime-environment. For this, check the following setting: Project-Settings, tab
C/C++, Category = Code generation, Option = Use run-time library
If your program uses the release build of OpenSSL libraries, set this
Yeah, me too, as far as a PalmOS port. The crypto libraries basically
work, though they're not optimized. SSL OTOH is a completey different
story.
Like you, I dont have a need for it anymore, and as such it has taken a
back burner.
- Max
On Thu, 11 Apr 2002, Steven Reddie wrote:
I started
On Wed, Apr 10, 2002 at 11:08:24PM -0700, Aleksey Sanin wrote:
Just wonder why OpenSSL has no SHA256/512 support
(grep -i sha `find . -name *` | grep 256 in
openssl-0.9.7-stable-SNAP-20020319
returns only bunch of *_AES_256_SHA references)?
Does there exist any reason or simply nobody had
AFAIK, the last fix was made back in October and it addressed
an attack related to random numbers generator. I am not sure
I have any fresh insider information on the topic :)
The problem is that SHA256 and greater are became required
in other standards (XML Encryption, for example). And quick
On Thu, Apr 11, 2002 at 02:01:51AM -0700, Aleksey Sanin wrote:
AFAIK, the last fix was made back in October and it addressed
an attack related to random numbers generator. I am not sure
I have any fresh insider information on the topic :)
The problem is that SHA256 and greater are became
On Thu, 11 Apr 2002 15:56:52 +0800, Howard Chan wrote:
I'm just not sure about somethingsay I generate a certificate (a signed
cert request using a self signed cert) and the resulting certificate is
newcert.pem. Will this newcert.pem contain both a private and a public
key? If so, can
This is a forwarded message
From: Pavel Tsekov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thursday, April 11, 2002, 12:39:59 PM
Subject: [BUG suggested PATCH] EVP_DecodeUpdate 0.9.6b 0.9.6c
Seem like the original message could not made its way to the mail list
so am I forwarding it.
Hello, there! :)
My colleague Nedelcho Stanev and myself have identified what we would
think to be a bug (or a flaw) in the EVP_DecodeUpdate() routine. We
were trying to read base64 encoded data with the base64 BIO which has
the 'next' member pointed to membuf BIO in which we write the encoded
Hi , I am trying to do a SSL certificate to use
TLS/SSL encryption with Qpopper. I read the doc and I created a certificate
request succesfully but it seems that when I try to sign it, it crash with a
serious error, here's the output:
[bob@domain]#
openssl ca -in req.pem -out
We have an SSL application that works great on Linux and Wndows NT.
After porting to Solaris (compiled on Solaris 2.6 Sun cc) we got the following
error from SSL handshake:
error:0001:lib(0):func(0):reason(1)
SSL dump reveals that the client has closed the socket after
ServerHelloDone.
I
Hello Charles,
Thursday, April 11, 2002, 3:38:44 PM, you wrote:
CH Hi , I am trying to do a SSL certificate to use TLS/SSL encryption with Qpopper. I
read the doc and I created a certificate request succesfully but it seems that when I
try to sign it, it crash
CH with a serious error, here's
It's ok, It looked serious because of the .c file thing.
I fixed my problem, I just created a test certificate, sorry.
Charles
- Original Message -
From: Pavel Tsekov [EMAIL PROTECTED]
To: Charles Hamel [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, April 11, 2002 9:56 AM
Hi,
I got the same error the first time I ran OpenSSL. I don't know if it's
the same error for you, but for me it was just an error in my config
file..
Look for the foolowing line in the [ CA_default ] part of the config
file:
private_key= $dir/private/privkey.pem # CA private key
Hello,
I have searched the mailing list archives and cannot seem to find a
specific answer to a very high-level question.
Is there a method for adding (and retrieving) application-specific
attributes to an SSL certificate using OpenSSL?
Specifically, I would like to add a collection of
I know this is sort of off topic... but I wanted to see if anyone on the
list have used the x.509 (pem) certificates in the newest ckermit 8.0 ftp
client. Not exactly sure where to import into the kermit so the cert can
be used by the ftp server.
Thanks..
In message [EMAIL PROTECTED] on Thu, 11 Apr 2002 19:10:00 +0500, Brian
Skrab [EMAIL PROTECTED] said:
brian.skrabopenssl x509 -noout -text -in crt.pem
brian.skrab
brian.skrab does not display the attributes as they were shown in the CSR.
brian.skrab
brian.skrab Any hints, pointers, or
I would like to specify an effective time for openssl to use when
verifying S/MIME messages, so that i can override my system clock when
checking the validity period.
I tried adding an (eww) global variable called effective_time which is -1 by
default and can be set with a command line option.
On Tue, Feb 26, 2002 at 06:02:25PM -0500, Mike Schiraldi wrote:
I would like to specify an effective time for openssl to use when
verifying S/MIME messages, so that i can override my system clock when
checking the validity period.
I tried adding an (eww) global variable called
I know this is sort of off topic... but I wanted to see if anyone on the
list have used the x.509 (pem) certificates in the newest ckermit 8.0 ftp
client. Not exactly sure where to import into the kermit so the cert can
be used by the ftp server.
Read
Hi All
I've created a server certificate and configured Apache with mod_ssl and
eveything seems to work well.
However, as it's a self-sogned certificate, the browser insists on popping
up a warning to the user each time they visit the site - even if they've
installed the certificate (in IE it
Hi,
I am trying to compile Openssl on windows 2000 server.
I have downloaded Openssl from a link pointed by openCA.org(right now the
site is not responding so i am not able to give you the link here)
and did the following
perl Configure VC-WIN32 --prefix=(dir)
ms\do_ms
set
Richard,
Thank you for your quick reply. The addition of the attributes to the
certificate does not need to take place in the signing request. In
fact, it should actually take place when the CSR is turned into a
certificate. Is there a way (using OpenSSL 0.9.6c) for the CA to add
thanks for the heads up..
Terrelle
-Original Message-
From: Jeffrey Altman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 11, 2002 11:47 AM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: Re: using X.509 certificates in Ckermit 8.0
I know this is sort of off topic... but I
Steve,
Actually, you will be further ahead using your self-signed certificate
and private key to sign additional certificates that you create using
OpenSSL for your servers. Then, simply import that self-signed CA
certificate that corresponds to the private key you used to sign the
server
Hi,
I've just ran into the exact same problem. There's a quick solution to
this that I had to run before the import.
# openssl x509 -in cacert.pem -out cacert.crt
You can see this solution on
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x120.html
Regards - Steve Harris
Neff Robert A
In message [EMAIL PROTECTED] on Thu, 11 Apr 2002 15:26:49 +0500, Brian
Skrab [EMAIL PROTECTED] said:
brian.skrab Thank you for your quick reply. The addition of the
brian.skrab attributes to the certificate does not need to take
brian.skrab place in the signing request.
Do you mean that the
If I understand you correctly, subjectAltName would serve you fine.
There are enough fields there to add stuff. For example, you can just use
email:[EMAIL PROTECTED]
It will not be a real e-mail address, but it will have the information you
need.
You need to have this in openssl.cnf to to the
Richard Levitte - VMS Whacker wrote:
Do you mean that the attributes do not necessarely need to be part of
the CSR? I agree, I just thought that was what you were after.
You are correct. The attributes do not have to be part of the CSR. I
should have been more clear about that fact. I
In message [EMAIL PROTECTED] on Thu, 11 Apr 2002 16:43:52 +0500, Brian
Skrab [EMAIL PROTECTED] said:
brian.skrab [ new_oids ]
brian.skrab
brian.skrab # We can add new OIDs in here for use by 'ca' and 'req'.
brian.skrab # Add a simple OID like this:
brian.skrab # testoid1=1.2.3.4
brian.skrab #
Richard Levitte - VMS Whacker wrote:
brian.skrab MyAttribute=2.44.88
Ah, that's an invalid OID. The first number must be 0 to 2, and the
second number must be 1 to 40. There are hysteri^H^H^H^H^H^H^Hhistorical
reasons for this...
That's an interesting fact that I don't think I would
Hi Richard,
Yes, you are right, it could be difficult to garantee that the random
serial number will be unique. Also a digest from timestamp will be
more appropriate.
So suppose I can do something like that with e.g. (Linux)
TIMESTAMP=`date`
SN=`md5sum ${TIMESTAMP}`
My question for you is
Sun recently release a new patch that adds /dev/random support to
Solaris (Patch-ID# 112438-01). When I did a fresh compile and install
of OpenSSL 0.9.6c and then OpenSSH 3.1p1, OpenSSH does not use
/dev/random even though I put in the --with-random=/dev/random. It
looks as if it is using
33 matches
Mail list logo