Re: Can openssl change a V1 to a V3 x509?

2005-07-13 Thread Joseph Oreste Bruni
Probably not since the certificate has been signed by its issuer. Any changes would render the signature invalid. On Jul 13, 2005, at 3:45 PM, David Templar wrote: I am having a lot of problems importing a certificate made in openssl into a phone, but I can get a keytool certificate imported

Can openssl change a V1 to a V3 x509?

2005-07-13 Thread David Templar
I am having a lot of problems importing a certificate made in openssl into a phone, but I can get a keytool certificate imported. The only thing is that I need to change the V1 cert (keytool only makes V1) to a V3 cert - can openssl modify a cert to a V3 (without changing anything else)? _

Re: TLSv1 Or SSLv3

2005-07-13 Thread Jostein Tveit
Jagannadha Bhattu <[EMAIL PROTECTED]> writes: > Can you let me know which one is more safer between TLSv1 and > SSLv3. TLSv1 and SSLv3 are equally safe. TLS is the IETF's version of Netscape's SSL with some minor changes. -- Jostein Tveit <[EMAIL PROTECTED]> ___

Re: Algorithm licensing

2005-07-13 Thread Michael Sierchio
Ted Mittelstaedt wrote: Actually, regardless of the cipher you use, unless you have a truly random source of numbers, your going to undermine the strength of your encryption. For an embedded system, such a thing has to be designed in from the get-go, as a software PRNG is generally nowhere near

RE: Algorithm licensing

2005-07-13 Thread Ted Mittelstaedt
Ah yes, I had heard about the attack on SHA and had read about it, but it didn't seem to be that practical. SHA is not patented: http://grouper.ieee.org/groups/1363/P1363/letters/NIST.txt Actually, regardless of the cipher you use, unless you have a truly random source of numbers, your going to

openssl.cnf, please help: What is the difference between these 2 certificates?

2005-07-13 Thread David Templar
Hi, I have attached 2 certificates (I have changed the extension to .txt as the openssl forum does not accept .cer). The microsoft.txt is exported from the browser and the david.txt is created by openssl and also exported from the browser (IE). The microsoft cert I can install on my motorola

Re: Client authentication problem

2005-07-13 Thread Gayathri Sundar
Hi. Have you imported the CA of the client cert on the server side? A verify depth of 1 has been set, which could mean that the client cert is self signed? Can you set it to some higher value and try? Also can you check whether the option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"? It looks to me a defini

Test

2005-07-13 Thread Frédéric Donnat
Mail server tests, please ignore <>

Re: Client authentication problem

2005-07-13 Thread Gaël Lams
> The above indicates that. Make sure client cert > processing is done correctly on the server side. If it > is a program failure, then you need to get the > programmer to debug the program. > Thank you for your answer. I'm not sure what you intend with "program failure": the pages served by th

Creating new OIDs...

2005-07-13 Thread Manuel Gil Perez
Hi all, I have a C++ application that uses OpenSSL as cryptographic library and I need to create a new OID which will be used in my application. The definition will be as follows: #define SN_id_ct_scvp_certValRequest "id-ct-scvp-certValRequest" #define NID_id_ct_scvp_certValRequest 751

RE: Algorithm licensing

2005-07-13 Thread Vin McLellan
Hi Mat, Ted: RC5 was invented by MIT Prof Ron Rivest in 1994 for RSA Security, and RSA received a US patent for RC5 in May of 1997. RSA licenses RC5 separately -- as well as part of its BSAFE SDKs (including the BSAFE Crypto-C Micro Edition, and BSAFE SSL-C Micro Edition:.) See: