Hi,
I have a question about distribution of software which is based on OpenSSL libraries
considering US export regulations.
We are planning to use OpenSSL library to develop a program with functionality similar
to that of HTTPS client/server. We will be linking our code (static or dynamic -
How can i verify from an OpenSSL server application if the client certificate/private
key matches the server certificate/private key?
regards
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
Off the home page:
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes subject to some
Are you actually implementing HTTPS, or are you just using SSL over TCP
for your own application?
We are planning to create two versions of our program
This may not be necessary.
Is an export license or review by the authorities required for this kind of application?
If you use crypto, you need
Regarding exportability, last I heard export restrictions had been
relaxed somewhat for friendly nations. However I'm not American and do
not live in the US so not sure.
Please, the situation is confusing enough without uninformed speculation.
Exporting something which implements HTTP/SSL -- full
Marius Cabas wrote:
How can i verify from an OpenSSL server application if the client
certificate/private key matches the server certificate/private key?
What do you mean,, match? The keypair used by the server is not the
same keypair used by the client. Do you mean something like are signed
Sorry for my delay in replying. It shouldn't affect SSH as that didn't come
with Red Hat 6.2. It's a while since I used 6.2, but at the time I
downloaded an RPM from a dutch encryption site (which is now long gone).
They used their own security libraries so were independent of openssl.
However,
Someone in your company is responsible for trade and/or export regulations. Find out
who that is and contact them for guidance. While regulations have become more liberal
in some cases, they are always changing so it's good to get up-to-date advice from
someone whose job it is to follow the
I noticed this setting in the openssl.cnf file (as of late) and was
wondering the actual effect of turning this off or on...
# Extension copying option: use with caution.
# copy_extensions = copy
Uncommenting means that we can use things like:
# Import the email address.
#
On Mon, Jun 16, 2003, John Douglass wrote:
I noticed this setting in the openssl.cnf file (as of late) and was
wondering the actual effect of turning this off or on...
# Extension copying option: use with caution.
# copy_extensions = copy
It means what it says in the manual page: if
Hi,
I am just starting out on ssl...could pl. tell me what
might be causing the below error, when using s_client
to connect to a server, my application also fails
during chain verification process...
s_client output of the server:
Loading 'screen' into random state - done
CONNECTED(017C)
I'm trying to figure out how to update a CRL without restarting the
server. It looks like get_cert_by_subject() wants to see all the
successively generated CRLs for a CA. In other words, it wants to see
something like 12345.r0, 12345.r1 etc.
So I start the server with 12345.r0 in my
Hi,
I have a question about distribution of software which is based on OpenSSL
libraries considering US export regulations.
We are planning to use OpenSSL library to develop a program with
functionality similar to that of HTTPS client/server. We will be linking
our code (static or dynamic - any
I was told that even though our program is only supporting
limited key lengths, it can not be exported as it is linking to
OpenSSL which has the logic to support larger key lengths and
strong ciphers.
This is a misleading thing to say. But in general, it's true that it's very
If you dynamically
link to OpenSSL, you may have no idea or control over what algorithms and
key lengths you wind up using. This makes the form impossible to fill out.
In my experience if you just refer to the SSL/TLS spec you're fine.
If your product includes the OpenSSL libraries, you'd
If you dynamically
link to OpenSSL, you may have no idea or control over what
algorithms and
key lengths you wind up using. This makes the form impossible
to fill out.
In my experience if you just refer to the SSL/TLS spec you're fine.
Really? Even if you don't specify any
In my experience if you just refer to the SSL/TLS spec you're fine.
Really? Even if you don't specify any algorithms or key lengths in detail?
Yeah. We just said RSA key exchange (512 through 2048 bits typical)
for symmetric encryption key. For details, see RFC .
Where did you get that
17 matches
Mail list logo