On Wed, Apr 9, 2008 at 3:52 PM, David Schwartz <[EMAIL PROTECTED]> wrote:
>
> > Right, Gotcha!
> >
> > There is one flaw in this design however.
> >
> > Peers:
> > A, B, E
> >
> > By this scenario all three peers would be able to communicate, not
> > just A and B, but also E.
>
> Do you w
> Right, Gotcha!
>
> There is one flaw in this design however.
>
> Peers:
> A, B, E
>
> By this scenario all three peers would be able to communicate, not
> just A and B, but also E.
Do you want the server to have to approve A to talk specifically to B? Or do
you just want A and B to be able to i
Thanks, excellent description!
On Apr 9, 2008, at 2:22 PM, Kyle Hamilton wrote:
On Wed, Apr 9, 2008 at 2:10 PM, David Schwartz
<[EMAIL PROTECTED]> wrote:
Thanks Kyle,
Here is my situation:
I have a server which can sign certificates over tls(implemented in
both client and peer).
I genera
On Wed, Apr 9, 2008 at 2:21 PM, Julian <[EMAIL PROTECTED]> wrote:
> Right, Gotcha!
>
> There is one flaw in this design however.
>
> Peers:
> A, B, E
>
> By this scenario all three peers would be able to communicate, not just A
> and B, but also E.
If E does not have a certificate signed by th
On Wed, Apr 9, 2008 at 2:10 PM, David Schwartz <[EMAIL PROTECTED]> wrote:
>
> > Thanks Kyle,
> >
> > Here is my situation:
> >
> > I have a server which can sign certificates over tls(implemented in
> > both client and peer).
> >
> > I generate a public/private key pair for each peer now.
>
Right, Gotcha!
There is one flaw in this design however.
Peers:
A, B, E
By this scenario all three peers would be able to communicate, not
just A and B, but also E.
On Apr 9, 2008, at 2:10 PM, David Schwartz wrote:
Thanks Kyle,
Here is my situation:
I have a server which can sign cert
> Thanks Kyle,
>
> Here is my situation:
>
> I have a server which can sign certificates over tls(implemented in
> both client and peer).
>
> I generate a public/private key pair for each peer now.
>
> I need a way so Peer A Trusts Peer B because.
>
> So, I am trying to figure out the best way to
> >Cool! Which releases of Firefox support ECC?
I am certain Firefox (Windows XP Pro) 2.0.0.12 and
.13(latest) support ECC certificates. In linux
(debian etch 4.0), I was also using the same versions.
According to
"http://dev.experimentalstuff.com:8082/mozilla/";, ECC
has been enabled in firefox
If you type about:config into the address bar in Firefox (I am using
2.0.0.13) and type ecdsa into the filter field, Firefox will display the
ECC ciphers.
Victor Duchovni wrote:
Cool! Which releases of Firefox support ECC?
--
Leonard F. Elia III, CISSP 757.864.5009
Sr. System Administ
Hi.. Kyle: thanks for your answer. I've been looking into it, and if
OpenSSL works as I think it does, then it should be easy to put a
BIO_s_mem between my TCP implementation's socket and OpenSSL.
Now I'd just need to program USING OpenSSL... the internet's driving
me crazy, there seems to be no c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Neale Pickett schrieb:
Hello Neale,
| People keep sending me ".ent" files (example at the bottom of this
| message). They look to me a lot like Privacy-Enhanced Mail (remember
| Privacy-Enhanced Mail?) files. I've got all my S/MIME stuff set up and
Have you checked shared libs with ldd ?
# ldd /app/Apache/e2e01/modules/mod_ssl.so
Also check if ssl and crypto are where they are supposed to be...
# ldconfig -p | grep ssl
# ldconfig -p | grep crypt
Saju
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ti
Hello,
I'm trying to configure openssl 0.9.8g on a 64bit install of SLES 10. I'm
using a script that works fine in 32 bit, but doesn't work correctly in 64
bit. The script installs openssl to /app/openssl/0.9.8g with the --shared
option, and then adds /app/openssl/0.9.8g/lib to /etc/ld.so.conf a
Find yourself a base64 encoding/decoding library.
That's all you need. Here's the pseudo code:
DER = base64-decode(PEM);
PEM = base64-encode(DER);
Well, and you need to add/remove the "- BEGIN CERTIFICATE -" lines.
Good luck!
yours,
Julius
On Wed, Apr 9, 2008 at 7:29 AM, geragr
On Wed, Apr 09, 2008 at 10:31:36AM -0400, Big BDI wrote:
> Thank you for your suggestion, I was successful in
> getting Firefox to connect with the addition of v3
> extensions.
Cool! Which releases of Firefox support ECC?
> [ v3_server ]
> subjectKeyIdentifier=hash
> authorityKeyIdentifier=keyid
I think you can use the function getch() with option "noecho".
Faustin
Original Message
Subject: Blind input
From: Till Elsner <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Date: mer 09 avr 2008 16:03:23 CEST
Hi,
I know this might not be the right mailing list for that,
geragray wrote:
> I need to create X509 structure from a pointer to the memory area where it is
> stored
> I have found
> X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
> but certificate there should be in DER format.
> Does anybody know a way to create if from PEM certificate? All
> Reply-to: openssl-users@openssl.org
> X-Sender: Victor Duchovni
> <[EMAIL PROTECTED]>
> X-List-Manager: OpenSSL Majordomo [version 1.94.5]
> X-List-Name: openssl-users
> Content-Length: 4899
>
> On Tue, Apr 08, 2008 at 08:43:51PM -0400, Big BDI
> wrote:
>
> > Is something wrong with my certific
I need it for a set of functions that would convert PEM certificates to DER
and vise versa. I found openssl command line tool:
x509 –in input.crt –inform PEM –out output.crt –outform DER
and traced it's code:
It is done by creating X509 object from a file and then converting it to the
requred fo
Fantastic, thats exactly what I needed. Thanks a lot.
Thanks ans regards
Till Elsner
Am 09.04.2008 um 16:16 schrieb Ambarish Mitra:
I'm trying to read a password from console in a C program and I want
prevent the entered password from actually appearing on the console,
just the way it happ
I need to create X509 structure from a pointer to the memory area where it is
stored
I have found
X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
but certificate there should be in DER format.
Does anybody know a way to create if from PEM certificate? All i found is
PEM_read_X509 a
I'm trying to read a password from console in a C program and I want
prevent the entered password from actually appearing on the console,
just the way it happens with e.g. system passwords. How to realize that?
-- If on *NIX systems, use "getpass" function call. I think this will work.
Hi,
I know this might not be the right mailing list for that, but maybe
someone can help anyway since I guess this is just some simple thing.
I'm trying to read a password from console in a C program and I want
prevent the entered password from actually appearing on the console,
just the
Prabhu S wrote:
Hi,
The client is configured with SSLv3_client_method.
*ctx = SSL_CTX_new(SSLv3_client_method());*
Whenever the client tries to connect to server with any CBC ciphers
like DES-CBC3-SHA, the SSL handshake is successful but when the
client tries to send data to server,say 1
Hi,
The client is configured with SSLv3_client_method.
*ctx = SSL_CTX_new(SSLv3_client_method());*
Whenever the client tries to connect to server with any CBC ciphers like
DES-CBC3-SHA, the SSL handshake is successful but when the
client tries to send data to server,say 10 bytes, I see from eth
Hi Patrick ,
ThanQ for your information , my intention also to use pkcs funtions only ,
but the problem is I am not understanding how to use them.
for that only i am asking for any application program that will do the
signing and verification . and there is no clearity in those funtions which
algor
Hi,
I got mysself a Thawte Freemail certificate. First, I downloaded it
hitting the "fetch" button in __Firefox__. Firefox is keeping the keys
and certificate in some PKCS#11 encrypted form. I used the "Backup"
feature to obtain a *.p12 file. From this point on I can convert it
using OpenSSL to
Hi Shankar:
The functions in pkcs7.h look rather straightforward - I think the hint
you need is to not sign the data outside of the PKCS7 functions (don't
use RSA_sign), but instead, try using just the functions in pkcs7.h to
do what you want.
(I've never done what you're trying to do, so don't a
Hi Every body,
Please help me for the following information . I am working on securtiy
issues ,I have to sign, compress, encrypty the file as CMS package. In
order to fullfill conditions I have to use pkcs7 API's ( in C - Program).
Let me give you some brief on my work :
I have a file , I need
Thanks Kyle,
Here is my situation:
I have a server which can sign certificates over tls(implemented in
both client and peer).
I generate a public/private key pair for each peer now.
I need a way so Peer A Trusts Peer B because.
So, I am trying to figure out the best way to do this, can ser
Hi,
I am running openssl 0.9.7 on an MP-RAS Unix box with 32 bit Intel hardware.
Very occassionally (four times in eight months) I have seen a segmentation
fault in the big number code, when CRYTPO_malloc calls malloc. I understand
that heap corruption can arise from just about anywhere, but it is
31 matches
Mail list logo