Re: Decoding ASN.1 certificate content

2009-05-21 Thread Victor B. Wagner
On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simply read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in

Question about parameter pass to BN_rand

2009-05-21 Thread vichy
Dear all: I have some question about parameters pass to bn_rand from http://www.openssl.org/docs/crypto/BN_rand.html, the top has 3 choices. a. -1 most significant bit of the random number can be zero b. 0 most significant bit of the random number is 1 c. 1 most significant 2 bit of the random

how to build a TSA certificate

2009-05-21 Thread Santiago Perez Agra
I'm trying to create a custom self-signed p12 file in order to attach it to an opentsa server but I don't know how to do the next question: Generate a private key and a certificate including the TimeStamping critical extended key usage X.509v3 extension for the TSA and set up the mod_tsa

RE: error while executing make command (fixed) -- next: HTTPS with apache + mod_ssl issue

2009-05-21 Thread Neerav Singh
Hi Dave/Ger/Kyle n all, Thanks for the inputs. The problem got solved. I used -config option to specify the location of openssl.cnf. Then I followed steps specified on modssl site http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 and changed the default key location in httpd.conf file now its

RE: Question about parameter pass to BN_rand

2009-05-21 Thread David Schwartz
Dear all: I have some question about parameters pass to bn_rand from http://www.openssl.org/docs/crypto/BN_rand.html, the top has 3 choices. a. -1 most significant bit of the random number can be zero b. 0 most significant bit of the random number is 1 c. 1 most significant 2 bit of the

Creating a TSA certificate

2009-05-21 Thread Santiago Perez Agra
I'm trying to use opentsa but I don't find anywhere how can I build a tsa certificate p12 file in with my self-signed certificate. Can I build it with an openssl command, and what about the syntax? Thanks in advance to everybody -- Santiago Pérez Agra Concello de Pontevedra

RE: [FWD] Openssl-0.9.8e/i build fails with Aix5.3 64 bit

2009-05-21 Thread Jaiman, Yateendra
Hi Kyle, How we give the engine support in the ./config line. -Yateendra J. -Original Message- From: Kyle Hamilton [mailto:aerow...@gmail.com] Sent: Wednesday, May 20, 2009 11:11 PM To: openssl-users@openssl.org Cc: Jaiman, Yateendra Subject: Re: [FWD] Openssl-0.9.8e/i build fails with

Re: Decoding ASN.1 certificate content

2009-05-21 Thread Peter Sylvester
Victor B. Wagner wrote: On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simply read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In

Re: Decoding ASN.1 certificate content

2009-05-21 Thread Lior Aharoni
Hi, Thank you all for the replies. I've found out what the problem was. The buffer that I sent to d2i_X509 function was bad ASN.1 buffer. After solving the certificate buffer retrieval everything worked great! Thanks Again, Lior 2009/5/21 Peter Sylvester peter.sylves...@edelweb.fr Victor B.

Re: Download Anti-Recession Software for Windows or All Macs;

2009-05-21 Thread Michael S. Zick
On Thu May 21 2009, Finest Software for All Windows and Apple Mac wrote: Look up finest very cheap Applications today.. - - - Snip - - - OpenSSL: $7,850USD, includes a developer in the package enabled for a limited-use, one-month, trial period. Developer may be returned at any time

TLS compatibility problem -- can connect to server with NSS but not OpenSSL.

2009-05-21 Thread David Woodhouse
I'm trying to connect to an HTTPS server, and my connection is being rejected when I use a client certificate: [dw...@macbook ~]$ openssl s_client -cert $CERT -connect $SERVER:443 -crlf -tls1 CONNECTED(0003) depth=1 /C=US/O=Foo Corporation/CN=Foo Intranet Basic Issuing CA 2A verify

Question about x509

2009-05-21 Thread loody
Dear all: at the end of letter, I append the public key I excerpted from my certificate by openssl x509. Since the key is 2048 bits, 256 bytes, I find the length of 00:af:..14:f7 is 257 bytes. But I use -modulus parameter, I see the beginning 00 will disappear and the size is 256 bytes as

TLS Server with incorrect cypher suite

2009-05-21 Thread Peter Lin
Hi all, I need to build a scenario of detecting incorrect cypher suite of TLS connection. The plan is to modify from a good TLS server, to encrypt data in a different cypher method from client request in handshake phase. However, as openssl encapsulated the implementation, I wonder if there's

RE: Question about x509

2009-05-21 Thread David Schwartz
Dear all: at the end of letter, I append the public key I excerpted from my certificate by openssl x509. Since the key is 2048 bits, 256 bytes, I find the length of 00:af:..14:f7 is 257 bytes. Right. In BER/DER form, without the leading 00 byte, the high bit is set and the number

RE: TLS Server with incorrect cypher suite

2009-05-21 Thread David Schwartz
4. TLS server free, but responding incorrectly (as the scenario described in the beginning) Is there any way to differentiate these cases, especially case 4? Peter No. There are an infinite number of variations on responding incorrectly. If you can define it precisely, then you can test for

Re: TLS Server with incorrect cypher suite

2009-05-21 Thread Peter Lin
For me, the responding incorrectly here defined as incorrect cypher suite. Is there any way to detect this exact error? Thanks Peter On Fri, May 22, 2009 at 1:04 PM, David Schwartz dav...@webmaster.com wrote: 4. TLS server free, but responding incorrectly (as the scenario described in the