RE: Converting PEM file to PKCS12 or PFX for the MacOS (Not Mac OSx)...

2002-10-27 Thread Jose Correia (J)
Hi there   I would think the command used by openssl is the same, irrespective of OS used?? Something like this would work for a PEM certificate:   openssl pkcs12 -export -in someCert.crt -inkey someCert.key -out someCert.p12 Regards Jose   -Original Message-From: Auteria Wally W

Re: free Certificate Authority

2002-10-27 Thread Peter Ziobrzynski
I'll be damned. It really is a free email cert at thawte.com. At veritas they have one but not free - $45/year. I thought the SSL is completely dead as for personal use. But not to far from it. Anybody can get PGP/GPG for free now and new mozilla enigmail plugin does all the magic. Thanks Karl!

RE: IIS5 client certs

2002-10-27 Thread Shalkebaev,AntonMSCAG
They the same as in apache except SSL_CLIENT_S_DN_UID your can find them in IIS help :) : - Certificate Field Select or enter the certificate field name. Fields are comprised of subfields that contain specific identification information. Field na

Re: free Certificate Authority

2002-10-27 Thread Karl-Michael Werzowa
... on www.thawte.com you'll find it at middle, left of home page: (9 o'clock ;-) Am 2002-10-27 18:41 Uhr schrieb "Peter Ziobrzynski" unter <[EMAIL PROTECTED]>: > Franck Martin wrote: >> I think there was something called www.medacen.net >> >> Also, check the ISOC PKI w

Re: speed differences between EVP_Sign and EVP_Verify

2002-10-27 Thread Vadim Fedukovich
On Sun, Oct 27, 2002 at 02:11:12PM -0800, icewind wrote: > I am running some speed tests in which I use the > EVP_Sign and EVP_Verify functions. I have noticed that > the Signing takes much longer (about 10 times longer) > on average than does Verifying. This doesnt make sense > to me. Is what I am

speed differences between EVP_Sign and EVP_Verify

2002-10-27 Thread icewind
I am running some speed tests in which I use the EVP_Sign and EVP_Verify functions. I have noticed that the Signing takes much longer (about 10 times longer) on average than does Verifying. This doesnt make sense to me. Is what I am seeing the expected behavior? I am using the same size data for bo

Re: SUN Crypto Accelerator + OpenSSL

2002-10-27 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Sat, 26 Oct 2002 02:35:55 -0700 (PDT), Edward Chan <[EMAIL PROTECTED]> said: ballgod> Sorry, I didn't follow this thread. But does this ballgod> mean that OpenSSL 0.9.6g does not support the Sun ballgod> card...eventhough it is really a CryptoSwift card? The SU

IIS5 client certs

2002-10-27 Thread Eric Weitzman
Does anyone know (or know where to find) the characteristics that a client certificate should have so that IIS5 will verify the client? Thanks, - Eric __ OpenSSL Project http://www.openssl.org Use

Re: free Certificate Authority

2002-10-27 Thread Peter Ziobrzynski
Franck Martin wrote: I think there was something called www.medacen.net Also, check the ISOC PKI working Group www.isoc.org You can register a free certificate for e-mail on thawte and versisign. This is interesting. How do you know about it? Did you do it? On either t

JP GPKI OCSP extension

2002-10-27 Thread kiyoshi
Hi, (B (BI write a code that can be used for OCSP extension of Japan GPKI . (BThis can be integrated into current OCSP implementation in 0.9.7 (Bbeta 3. (B (BIf you want to compile and make this work, you have to (Badd the NID_* for the local defined extensions in object.txt in (Bcrypto dir

how do you enable/disable session caching in the server?

2002-10-27 Thread Edward Chan
Hi there, In the book, "Network Security with OpenSSL", it says to call SSL_CTX_set_session_id_context() to enable server-side session caching. I have not called this, but in my client, when I call SSL_get1_session(), I always get an SSL* back, and the field session_id_length is always non-zero,

Stunnel 4.03 released

2002-10-27 Thread Michal Trojnara
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Version 4.03, 2002.10.27, urgency: HIGH: * NT Service (broken since 4.01) is operational again. * Memory leak in FORK environments fixed. * sigprocmask() mistake corrected. * struct timeval is reinitialized before select(). * EAGAIN handled in client.c

How may I generate CRL with validity from '01 Dec 2002, 00:00' to '01 Jan 2003 00:00'

2002-10-27 Thread Konstantin Andreev
It seems to me, that openssl "ca" tool always forces "Valid after" attribute of new CRL to be current system date and time. Is there any way to generate CRL with validity period that I desire ? Do I have to use some commercial tool for that ? Thank you in advance, -- - TOR Trade Company, IT Depa

free Certificate Authority

2002-10-27 Thread Peter Ziobrzynski
I searched far and wide and can't find a CA service in a reasonable price. Verisign, Thawte, etc. all charge hundreds for one year PKI. There must be a way to get a recognized personal client SSL certificate for free. Banks, ISPs should be interested in having their customers use signed email. D

Re: free Certificate Authority

2002-10-27 Thread Franck Martin
I think there was something called www.medacen.net Also, check the ISOC PKI working Group www.isoc.org You can register a free certificate for e-mail on thawte and versisign. Cheers. [EMAIL PROTECTED] On Sun, 2002-10-27 at 20:14, Peter Ziobrzynski wrote: I searched far and wid

Re: SSL_set_fd() harmful when using nonblocking sockets?

2002-10-27 Thread Noel Burton-Krahn
Uh... Dan, read() always returns 0 on EOF, so SSL_read() will always return 0 too (also setting SSL_ERROR_ZERO_RETURN). That's true for the first read on EOF and all reads afterwards. Do you think that read() will return 0 if it's not EOF? If read() would block, it returns -1 and sets errno=EAGAI