Hi all,
sorry that I
send the same e-mail again but I did't find any answer to my last
one.
We
have the case that openssl can not handle
long serial numbers.
In ower case we
have this Serail Nr. 9a 38 74 00 00 00 00 25 be
but
OpenSSL 0.9.7e
25 Oct 2004 print this:
openssl x509 -in
On Tue, Jan 10, 2006, Dominique Brezinski wrote:
>
> The error I listed is distinctly different than if I enter an
> incorrect passphrase. Example of bad passphrase:
>
> $ openssl rsa -in new-server-key.pem -out server-key.pem
> Enter pass phrase for new-server-key.pem:
> unable to load Private
On 1/10/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Tue, Jan 10, 2006, Dominique Brezinski wrote:
>
> > A new cert req and private key were created with the following command
> > using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
> >
> > $openssl req -newkey rsa:2048 -keyout new-server-key
On Tue, Jan 10, 2006, Dominique Brezinski wrote:
> A new cert req and private key were created with the following command
> using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
>
> $openssl req -newkey rsa:2048 -keyout new-server-key.pem -out new-req.pem
>
> Now, trying to remove the passphrase from
This is an Apache query, not an OpenSSL query. Please ask on the
apache-users mailing list.
-Kyle
On 1/10/06, Chuck Aaron <[EMAIL PROTECTED]> wrote:
> Can anyone tell me how to disable id and pw checking
> when entering a specific web site. I'd like to turn
> it completely off.
>
> Thanks,
> Chu
A new cert req and private key were created with the following command
using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
$openssl req -newkey rsa:2048 -keyout new-server-key.pem -out new-req.pem
Now, trying to remove the passphrase from the private key:
$ openssl rsa -in new-server-key.pem -out s
I will do that (post on OpenSA/Apache). Thanks folks. :)
On 1/10/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
> Bernhard Froehlich wrote:
> > Dan Peacock wrote:
> >
> >> I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
> >> 0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and
On Tue, Jan 10, 2006, Krishna M Singh wrote:
>
> Also when we use SSLv2 only this works fine.. Only with SSLv23 the
> handshake fails. Any ideas or pointers how to proceed further wud be of
> great help..
>
Seems it doesn't support TLS and messes up SSLv3 when the client indicates it
supports T
Hi All
I have written an SSL client that performs SSL handshake with any
webserver and validates the certificate recevied from the Webserver.
With all other site the handshake works pefectly fine and has been
tested with 100's of secure sites..
the SSL handshake between my client and www.harryand
Bernhard Froehlich wrote:
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can
Thanks for ur response..
the error messages of client and server
are follows..
client :
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca:s3_pkt.c:1052:SSL alert number 48
server:
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned : s3_srvr.c:2015
Samy Thiyagarajan wrote:
hi ..
now i created a CA and a certificate signed by it.
my client call is now,
s_client -connect ip:port -cert clientcert.pem -key
clientPrivKey.pem -CAfile cakey.pem
still no development
can someone look into this issue please...?
The CAfile for tjhe openss
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can I drop in the latest
versio
You don't want to specify the CA's private key as the argument for -CAfile,
you need to specify the CA certificate for that.
Also an indication of the errors you get would help ...
D.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Samy Thiyagarajan
Sent
hi ..
now i created a CA and a certificate
signed by it.
my client call is now,
s_client -connect ip:port
-cert clientcert.pem -key clientPrivKey.pem -CAfile cakey.pem
still no development
can someone look into this issue please...?
"Mark" <[EMAIL PROTECTED]>
Sent by:
[EMAIL
On Tue, Jan 10, 2006, Emmanuel Lepavec wrote:
>
> For this, I do not need any security countermeasure. So, if there is a
> way to disable checks that requires the public key, please tell! ;-)
I've done a quick check setting rsa->e to NULL in rsautl and it seems to work
just fine: the security ch
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can I drop in the latest
version of Apache 1.3 and mo
Can anyone tell me how to disable id and pw checking
when entering a specific web site. I'd like to turn
it completely off.
Thanks,
Chuck
Mark wrote:
my last mail seem to be lost somewhere..
I got it!
Hi all,
Im testing an SSL server with s_client. I want to implement
client authent
Emmanuel Lepavec wrote:
Bernhard Froehlich wrote:
If you could detail your intended use it may be clearer for me why you
want to do that.
Remember that it's very easy to do wrong things in cryptographic
applications, so I'm always a bit suspicious if someone has a "non
standard use"... ;)
> my last mail seem to be lost somewhere..
I got it!
> Hi all,
>
> Im testing an SSL server with s_client. I want to implement
> client authentication.
>
> The problem is even if I include the certificate and key file
> in my client call, SSL_get_peer_certificate()
> returns NULL
>
>
my last mail seem to be lost somewhere..
Hi all,
Im testing an SSL server with s_client.
I want to implement client authentication.
The problem is even if I include the
certificate and key file in my client call, SSL_get_peer_certificate()
returns NULL
I tried the following calls,
a) S_clie
Dear All,
We are actually testing SSL, need some
particulars scenarios which where OpenSSL have not taken care of and which are
not suggest in OpenSSL.
Any help in this regard is highly
valuable.
Thanks
raman
Bernhard Froehlich wrote:
>>
> If you could detail your intended use it may be clearer for me why you
> want to do that.
> Remember that it's very easy to do wrong things in cryptographic
> applications, so I'm always a bit suspicious if someone has a "non
> standard use"... ;)
>
Actually, I do not
Hi all,
Im testing an SSL server with s_client.
I want to implement client authentication.
The problem is even if I include the
certificate and key file in my client call, SSL_get_peer_certificate()
returns NULL
I tried the following calls,
a) S_client -connect ip:port
b) s_client -connect
On Tue, Jan 10, 2006, Szabolcs Berecz wrote:
> Hi!
>
> Does it copy everything from the DER format? I'm asking because I
> don't know if I can
> free the data read from file after parsing with d2i_PKCS7().
>
Yes it copies everything: there are no internal pointers to the DER data so
you can saf
Hi!
Does it copy everything from the DER format? I'm asking because I
don't know if I can
free the data read from file after parsing with d2i_PKCS7().
Szabi
__
OpenSSL Project http://www.openssl.or
On 06/01/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
>
> Are you opening the file in binary mode?
>
Of course, not...
It's hard to get used to develop under windows.
Szabi
__
OpenSSL Project
27 matches
Mail list logo