On Thu, Mar 02, 2006, Mikhail Kruk wrote:
> Hello,
> I want my application to trust certificates sign by the major CAs out
> there. Does anyone know of a way to hook up to the place where Windows
> stores its list of CAs? Or maybe just a place where I can download the
> keys of the standard C
Hello,
I want my application to trust certificates sign by the major CAs out
there. Does anyone know of a way to hook up to the place where Windows
stores its list of CAs? Or maybe just a place where I can download the
keys of the standard CAs (like Verisign, Thawte...). Is there such thing
In the FIPs version I see
that you can set a key and a seed for PRNG. I have been looking around for how
to set a key in the non-FIPS (0.9.8a) version and if I read the man pages
correctly (which is suspect J)
it looks like this is not supportted in non-FIPS (that is, is the way you
generat
Hello, when setting-up external caching management, I got to set also the
get_session_cb() for my context. But I have no ide, how to select the
session to return.
E.g. I can read a session using PEM_read_session() into a SSL_SESSION
object, but i need to compare it's session-id with that one provi
What about the 'copy' parameter og get_session_cb() ?
Probably you're using it, but haven't noticed in your question...
--
View this message in context:
http://www.nabble.com/Session-Memory-Leek--t594071.html#a3205710
Sent from the OpenSSL - User forum at Nabble.com.
My bad. I typed 'openssl help' and didn't see sha256 listed under any of the digest commands. That is probably an old menu that hasn't been updated yet. Now that I used your syntax I got the same result. Thanks for the help!
On 3/1/06, Brian Candler <[EMAIL PROTECTED]> wrote:
On Wed, Mar 01, 20
Brian Candler <[EMAIL PROTECTED]> a écrit :On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote:> I'm trying to write a script able to create a self-signed certificate> automaticaly. I'm using the command:> openssl req -new -key ${KEY} -x509 -out ${CERT}> Unfortunately, I have to e
I have tested n times,but the result is same. OpenVPN renegotiate keys every a hour. Bf-cbc should be faster or fastest.but...Bernhard Froehlich <[EMAIL PROTECTED]> 写道: songwb wrote:> Dear friends> I use OpenSSL's speed command testing the speed of Blowfish and> AES,find bf-cbc faster than aes-
AFAIK Blowfish key setup times are very high. That
might account for the difference.
All things being equal AES certainly gives you more
security than any other cipher.
And AES was chosen also because it was found fit for
implementation on severely constrained embedded
devices. So you get both
The best way is to have the unique_subject = no, and then allow for
the download and installation of the new cert. Once that's done,
revoke the old one.
As for why it's not the default, it's because there are other
applications besides just web server certification that require
additional securit
Using openssl as a CA, I'm wondering what the best way is to renew a
certificate without first revoking the previous one. Revoking the previous
one would leave a window of vulnerability where a machine may be trying to
use the old certificate, as it hasn't yet downloaded the new one, but other
mach
On Thu, Mar 02, 2006, Venkata Sairam wrote:
> Hi
>
> I have the PKCS7 object signed by a certificate. The certificate is revoked
> and I have the corresponding CRL. I have the certificate in the certs
> variable and the CRL in the store variable. I am using the method below:
>
> int PKCS7_verify
On Thu, Mar 02, 2006, ?? wrote:
> Dear friends I use OpenSSL's speed command testing the speed of Blowfish and
> AES,find bf-cbc faster than aes-128-cbc.But when I download a large file
> from intranet of OpenVPN,find bf-cbc seems slower than aes-128-cbc,why? Can
> you give help? thanks!
>
On Thu, Mar 02, 2006, Shulman Alexandre wrote:
> I'm trying to write a script able to create a self-signed certificate
> automaticaly. I'm using the command: openssl req -new -key ${KEY} -x509 -out
> ${CERT}
>
> Unfortunately, I have to enter the DN information manualy. How can I get
> through t
Julien Demoor wrote:
jimmy wrote:
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : "data too large for
key size". I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest.
I think the acceptable size would be size of 'q' in ur dsa key and
On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote:
>I'm trying to write a script able to create a self-signed certificate
>automaticaly. I'm using the command:
>openssl req -new -key ${KEY} -x509 -out ${CERT}
>Unfortunately, I have to enter the DN information manualy
Greetings!
On Thu, 2 Mar 2006, Shulman Alexandre wrote:
> I'm trying to write a script able to create a self-signed certificate
> automaticaly. I'm using the command:
> openssl req -new -key ${KEY} -x509 -out ${CERT}
>
> Unfortunately, I have to enter the DN information manualy.
> How can I get
Shulman Alexandre wrote:
> I'm trying to write a script able to create a self-signed certificate
> automaticaly. I'm using the command:
> openssl req -new -key ${KEY} -x509 -out ${CERT}
>
> Unfortunately, I have to enter the DN information manualy.
> How can I get through the manual request to get
jimmy wrote:
> Julien Demoor wrote:
>
>> Hello,
>>
>> I'm getting an error with the DSA_sign() function : "data too large for
>> key size". I have inputed a 40-byte-long string representing a
>> hexadecimal SHA-1 digest.
>
>
>
> I think the acceptable size would be size of 'q' in ur dsa key and i
This may seem a stupid question, but why do you want or need to do this?
You can generate an SS cert with a validity of (say 1 year) and just use it
without needing to generate a new one every time the system starts up. Is
there something special about the environment that I'm not aware of?
D.
I'm trying to write a script able to create a self-signed certificate automaticaly. I'm using the command:openssl req -new -key ${KEY} -x509 -out ${CERT}Unfortunately, I have to enter the DN information manualy.How can I get through the manual request to get the script to do it itself?
Nouveau :
Hello!
On the Website there is a Link to www.opensslbook.com where Example Code
from the Book should be present.
The site is down and in the Google Cache and on archive.org I can only
find the links to the file.
Can anybody send me the tar.gz of the examples which was located at
http://www.opens
维宾 宋 wrote:
> Dear friends
> I use OpenSSL's speed command testing the speed of Blowfish and
> AES,find bf-cbc faster than aes-128-cbc.But when I download a large
> file from intranet of OpenVPN,find bf-cbc seems slower than
> aes-128-cbc,why? Can you give help? thanks!
> ---download rate---
> aes-
Dear friends I use OpenSSL's speed command testing the speed of Blowfish and AES,find bf-cbc faster than aes-128-cbc.But when I download a large file from intranet of OpenVPN,find bf-cbc seems slower than aes-128-cbc,why? Can you give help? thanks!
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : "data too large for
key size". I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest.
I think the acceptable size would be size of 'q' in ur dsa key and i
guess the o/p of the sha digest fu
Greetings!
On Thu, 2 Mar 2006, Venkata Sairam wrote:
> Hi
>
> Does anyone encounter this issue stated below before? I am stuck with my
> development. Can any one help\p?
I've encountered a problem seems to be the same. If a memory leak occurs
and the library has already freed the data need to di
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : "data too large for
key size". I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest. I can't find what the correct digest format
is, nor if anything else may lead to that error.
DSA_sign() e
27 matches
Mail list logo