Re: How to deal with private key file.

2002-06-09 Thread Averroes
Hi Hu, hu wrote: > Hi, all > I use a script to run openssl command 'openssl smime' for signing message. > For example, running "openssl smime -sign -inkey PrivateKey.pem". Then > command asks me input pass PEM password. How to avoid giving password > in an interactive way, i.e. how to pass passwor

crl

2002-06-09 Thread aagarwal
Hello all, I had posted this request sometime back. I have created a simple ssl client/server application. I need to add the crl functionality in it too. I'm unable to understand how to go about it. Could someone please tell me how to do it. shine on _

Re: Global PKI on DNS?

2002-06-09 Thread Franck Martin
I see who you are talking about. But I think it is an IETF pb to provide an informational RFC to provide a map between certificate DN and DNS namespace and to provide a mechanism to look at CERT and CRL. Then it is an ICANN problem to implement on the root-servers and delegate to others...

Re: Global PKI on DNS?

2002-06-09 Thread Rich Salz
> actually UDP/IP max_size is 512 Bytes no; you're ignoring fragmentation which has been common since 1980 or so. __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: Question regarding CRYPTO_lock()

2002-06-09 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Fri, 07 Jun 2002 14:03:51 -0700, Brian Doyle <[EMAIL PROTECTED]> said: brian> The man page also says that CRYPTO_READ and CRYPTO_WRITE are brian> mutually exclusive. I'm confused on this and need some brian> clarification. Quite simple. When some thread is wr

Re: Global PKI on DNS?

2002-06-09 Thread Ben Laurie
Bill Sommerfeld wrote: >> As others have pointed out, the DNS already has the capability >> to store certs. So you could use the DNS as a publication >> method. But is this the only thing a PKI needs? How would >> one revoke a cert that was in the DNS? How can you update

Re: how to access *private key file without inputing passwordinteractively

2002-06-09 Thread hu
I have found the -passin option specifies the password for command. Thanks! Ji Hu - Original Message - From: "Baber Amin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, June 09, 2002 8:52 PM Subject: Re: how to access *private key file without inputing passwordinteractively >

Re: how to access *private key file without inputing passwordinteractively

2002-06-09 Thread Baber Amin
If you create the key with the -nodes option, then it is not password protected. Would that help? Baber :) -- Rise above the clouds and the master pilot will guide you through the turbulence. >>> [EMAIL PROTECTED] 06/09/02

How to deal with private key file.

2002-06-09 Thread hu
Hi, all I use a script to run openssl command 'openssl smime' for signing message. For example, running "openssl smime -sign -inkey PrivateKey.pem". Then command asks me input pass PEM password. How to avoid giving password in an interactive way, i.e. how to pass password to command when launching th

Re: how to access private key file without inputing password interactively

2002-06-09 Thread hu
I can't find the -noout option for command, such as "openssl smime -sign -inkey PrivateKey.pem". How do you do it - Original Message - From: 董大伟 To: [EMAIL PROTECTED] Sent: Sunday, June 09, 2002 11:44 AM Subject: Re: how to access private key file without inputi

Re: Global PKI on DNS?

2002-06-09 Thread Bill Sommerfeld
> As others have pointed out, the DNS already has the capability > to store certs. So you could use the DNS as a publication > method. But is this the only thing a PKI needs? How would > one revoke a cert that was in the DNS? How can you update > -every- cached

RE: Is it possible/appropriate to add a timestamp (RFC 3161) to a PKCS#7?

2002-06-09 Thread Bob Steele
> Hi Bob, > > Judging from what you wrote you might want to implement a > 'content timestamp', which is added to the authenticated > attributes and contains a timestamp over the encapsulated > content info. This will not give a proof of the signing > time, just the existence of the data at a pa

Re: Global PKI on DNS?

2002-06-09 Thread dreamwvr
On Sat, Jun 08, 2002 at 01:35:42PM -0700, David Conrad wrote: > On 6/8/02 6:22 AM, "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote: > > DNS packets are limited to 512 bytes. > > No they are not. They are limited to 64K. Even without EDNS0, a large > response can fall back to TCP. You know this.

RE: ERROR! pls help.

2002-06-09 Thread Sharon Hezy
Hi, Jess. Look carefully at your error: " write_irfile: No space left on device". It means that you should clean your filesystem from the temp/log files (usually /usr/tmp or whatever defined as /dev/null on your system). Generally, answers to such problems can be found at "www.tldp.org". Bes

Trying to build 'prime.c'

2002-06-09 Thread Sisyphus
Sorry - should have mentioned that 'prime.c' is in the 'openssl/demos/prime' prime folder. Cheers, Rob

Trying to build 'prime.c'

2002-06-09 Thread Sisyphus
Hi, On Win 2k, OpenSSL 0.9.6a, I am trying to build 'prime.c' using MSVC++ 6.0 (with which I built openssl). Compiles ok, but cannot link the 3 'BN_' functions called in 'prime.c'. I get the following error report: prime.c prime.c(91) : warning C4113: 'void (__cdecl *)()' differs in parameter

Re: How to renew a Cert generated by my own CA

2002-06-09 Thread Franck Martin
I was following the thread to know more, but then I'm back to beginning. If you find another solution, please let me know... Cheers. On Sun, 2002-06-09 at 10:02, Daniel Sutcliffe wrote: > However, my certificates have now started to expire and I am > getting warning dialogs from

Re: How to renew a Cert generated by my own CA

2002-06-09 Thread Daniel Sutcliffe
Daniel Sutcliffe wrote: > I have only just subscribed to this list so I apologise if I don't > follow protocol. I thought this would be easy but my Web searches > have led to nothing and I can't find a archive for this list :-( Still haven't managed to find a searchable archive of this list. Is

Re: how to access private key file without inputing password interactively

2002-06-09 Thread 董大伟
I think you just specify -noout option to your command - Original Message - From: hu To: [EMAIL PROTECTED] Sent: Saturday, June 08, 2002 10:20 PM Subject: how to access private key file without inputing password interactively Hi, all I met a pro

Re: Is it possible/appropriate to add a timestamp (RFC 3161) to a PKCS#7?

2002-06-09 Thread Zoltan Glozik
Hi Bob, Judging from what you wrote you might want to implement a 'content timestamp', which is added to the authenticated attributes and contains a timestamp over the encapsulated content info. This will not give a proof of the signing time, just the existence of the data at a particular time.

Re: Global PKI on DNS?

2002-06-09 Thread Eric A. Hall
on 6/8/2002 8:22 AM Franck Martin said the following: > I was wondering if the best system to build a global PKI wouldn't be the > DNS system already in place? This is an ongoing argument. Essentially there are two camps: Pro--there's a global database out there, let's put useful stuff

Re: Global PKI on DNS?

2002-06-09 Thread Simon Josefsson
Pekka Savola <[EMAIL PROTECTED]> writes: > On Sat, 8 Jun 2002, Michael Richardson wrote: >> > "Franck" == Franck Martin <[EMAIL PROTECTED]> writes: >> Franck> I was wondering if the best system to build a global PKI wouldn't be the >> Franck> DNS system already in place? >> >> Fra

how to access private key file without inputing password interactively

2002-06-09 Thread hu
Hi, all I met a problem. I use a script to run openssl command. When it need access a private key file, user must input password for protection reason. But it is done by the interactive way. But I hope script to run commands automatically, without inputing password interactively. How to do i

Re: Global PKI on DNS?

2002-06-09 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, David Conrad writes: >On 6/8/02 6:22 AM, "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote: >> DNS packets are limited to 512 bytes. > >No they are not. They are limited to 64K. Even without EDNS0, a large >response can fall back to TCP. You know this. I was exclud

Re: Global PKI on DNS?

2002-06-09 Thread Valdis . Kletnieks
On Sat, 08 Jun 2002 13:22:28 -, Franck Martin said: > I was wondering if the best system to build a global PKI wouldn't be the > DNS system already in place? No. 1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=, and OU+ can be at the same level...) 2) DNS has to be

Re: Global PKI on DNS?

2002-06-09 Thread Michael Richardson
> "Franck" == Franck Martin <[EMAIL PROTECTED]> writes: Franck> I was wondering if the best system to build a global PKI wouldn't be the Franck> DNS system already in place? Franck> The root servers would share the ROOT Certificates and would sign a Franck> certificate to eac

Re: Global PKI on DNS?

2002-06-09 Thread Pekka Savola
On Sat, 8 Jun 2002, Michael Richardson wrote: > > "Franck" == Franck Martin <[EMAIL PROTECTED]> writes: > Franck> I was wondering if the best system to build a global PKI wouldn't be the > Franck> DNS system already in place? > > Franck> The root servers would share the ROOT Certi

ERROR! pls help.

2002-06-09 Thread jess
Hi, I've terminated the Make process while it's running, and when I tried to run Make again, it gives me the following error. Is there any way I can resolve this? make + rm -f libcrypto.so.0 + rm -f libcrypto.so + rm -f libcrypto.so.0.9.6 + rm -f libssl.so.0 + rm -f libssl.so + rm -f libssl.so.0

Re: Global PKI on DNS?

2002-06-09 Thread David Conrad
On 6/8/02 3:01 PM, "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote: > I was excluding EDNS0, since I thought it wasn't widely implemented. It has been implemented in the latest version of BINDv8, it has always been in BINDv9, and I believe it is in Microsoft's DNS server (not positive on this). G