Thank you Christian, it helped to decode the kerberos principal name .
The code worked.
Regards
Naveen
Christian Hohnstaedt wrote:
On Wed, Sep 22, 2010 at 05:48:07PM +0530, Naveen B.N wrote:
Thank you Christian,
your suggestions helped us to get the position but as you mentioned the
That's not the problem, I think, because if the only instruction of the
function is:
int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) {
return 1;
}
I get the segmentation fault when the rsa_keygen ends. But if I return 0
or -1 (errors) OpenSSL reports me error in genrsa and call
On Thu, Sep 23, 2010 at 10:08:40AM +0200, Nacho ?lvarez wrote:
That's not the problem, I think, because if the only instruction of the
function is:
int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) {
return 1;
}
I get the segmentation fault when the rsa_keygen ends. But if
Hi,
Thanks for your suggestion! But as far as I see, the assembler code in
x86_64cpuid.asm _is_ the reference to OPENSSL_cpuid_setup! The runtime
will call the functions given in the .CRT$XCU section before calling the
main() entry. And it seems to me that the OPENSSL_cpuid_setup function
in
Sure.. but please excuse me as this is the first time posting on this
forum ~ post in plain text or does this system support attached files?
Patrick Patterson wrote:
Hi Chris:
Can you post the certificates in question? My guess is that you don't have the
various extensions set according to
I think we're on to something here... thank you for your time and
attention, btw!
I still can't see anything about the AIA thing, but I took another go at
the basicConstraints and keyUsage, and seem to have slightly better
results. I changed basicConstraints to True (it was FALSE by default),
According to my understanding, that section is just a declaration of an
external function. The section is needed to be there only if the function is
called in the x86_64cpuid.asm. So, I don't think it will affect anything. In
fact, my x64 version build runs perfectly. (I am using openssl 1.0.0 and
Sorry, I think I should make clear that I'm using two different
setups... one for the CA and another for the end user certificate.
For example, my CA is in /etc/pki_MessageNet/CA while my end-user is in
/etc/pki_MessageNet/tls --- so when I generate my CA keys, it has its
own config file /
Actually, that section (specifically, the DQ line) places a single
pointer constant in a data section with the magic name .CRT$XCU.
Background:
The Microsoft linker, upon seeing a $ sign in a section name will
merge this section with all other sections name .CRT or
.CRT$whatever, but only
I disagree; according to
http://blogs.msdn.com/b/vcblog/archive/2006/10/20/crt-initialization.aspx
.CRT$XCU is for setting up static initializers. Also, the text of the
source file from which the assembler file is generated gives a hint that
it is a call:
.extern OPENSSL_cpuid_setup
Can someone explain what is needed to create and EV (Extended Validation)
Certificate? I have been trying to research this and have found limited
information on this. Only one document that was of any help
-àhttp://www.cabforum.org/EV_Certificate_Guidelines.pdf.
My issue is with OpenSSL
Thanks for the suggestion, but I've already tried that, more or less
My web server config already has that mime type configured, and the
client is capable of recognizing the properly served filetype. I've
tried installing certificates through IE's wizard automatically in such
a way... as
Hi
I have generated a private key using the below command and want to extract the
public key in a format that is compatible with sites using Java.
openssl genrsa -out priv_key.txt 1024
Is there a command in openssl that will extract the public key for this private
key in a cert file or xml
Great! Thanks for that information Patrick. :)
Thanks,
Andy Goktas
Patrick Patterson ppatter...@carillonis.com 9/17/2010 6:11 AM
Hi Andy:
Well, aside from violating most of the standards around PKI, the main problem
you will have is revocation - the way you revoke a certificate is to put
So using the -CAserial serial.srl might be a good idea to avoid this.
Now this leads me to the next question:
- Besides manually documenting a cross-reference for each certificate that I
sign to a serial number, is there any way to have this scripted and for an
appending log to the
How does one handle a suspend/resume power cycle when using OpenSSL?
Specifically, suppose one is in the middle of a SHA-1 Init/Update/Final
sequence when the suspend signal occurs? What happens to SHA_CTX?
I know I can save and restore SHA_CTX by peering into the structure. I
also know that
Would be great if I can get answers to the below questions
thanks
aparajita
From: Aparajita Sood (apsood)
Sent: Tuesday, September 21, 2010 11:54 AM
To: 'openssl-users@openssl.org'
Subject: REGD : openssl vulnerability CVE-2010-2939 : double in
ssl3_get_key_exchange
Hi OpenSSL Folks,
I'm
Hi All,
We are using OpenSSL (binaries built as static version) in our application.
We are using the version 0.9.8i and the size of libeay32.lib (built in 32 bit
windows) is 3.392 MB.
We are thinking of updating to latest version of OpenSSL 1.0.0a.
When we built the binaries for 1.0.0a (static
Hodie IX Kal. Oct. MMX, Gumbie scripsit:
Can someone explain what is needed to create and EV (Extended
Validation) Certificate? I have been trying to research this and have
found limited information on this. Only one document that was of any help
Hi Andy:
If you use the OpenSSL CA scripts as shipped and documented both in the OpenSSL
document, the book, or numerous places on the web, they already use index.txt
as a list of all issued certificates. So no extra work is needed.
Have fun.
Patrick.
On 2010-09-22, at 4:52 PM, Andy GOKTAS
Hey there:
Well, the first thing to do to be able to issue EV certs and have them
recognised by the various browsers is to build a CA and issuance regime that
will pass an audit according to the rules from the CABrowser folks, do a proper
key ceremony, and then have that audit.
And then, wait
Hi,
The database file (an option in your openssl.conf) handles that
perfectly.
Cheers
Pascal
2010/9/22 Andy GOKTAS andy.gok...@state.or.us
So using the -CAserial serial.srl might be a good idea to avoid this.
Now this leads me to the next question:
- Besides manually documenting a
Hi List,
Is there way to set openssl default ciphers (“DEFAULT”), that all
openssl enabled programs use by default?
Without recompiling the openssl?
br,
--
Eero
__
OpenSSL Project
Hi,
I have an SSL apllication, that it suppose to run for a long time. After some
time of running, I found the usage of the memory is growing. I stop all SSL
connections and checked all SSL * has been freed but it could not release the
memory back to the system.
After some investigation, I
From: owner-openssl-us...@openssl.org On Behalf Of Panikulam Vivek
Sent: Thursday, 23 September, 2010 10:53
I have generated a private key using the below command and
want to extract the public key in a format that is compatible
with sites using Java.
On 9/23/2010 7:16 AM, Gumbie wrote:
Can someone explain what is needed to create and EV (Extended
Validation) Certificate? I have been trying to research this and have
found limited information on this. Only one document that was of any
help
On 9/23/2010 11:42 AM, zhu qun-ying wrote:
Hi,
I have an SSL apllication, that it suppose to run for a long time. After some
time of running, I found the usage of the memory is growing. I stop all SSL
connections and checked all SSL * has been freed but it could not release the
memory back
From: owner-openssl-us...@openssl.org On Behalf Of Pascal Delaunay
Sent: Thursday, 23 September, 2010 12:00
The database file (an option in your openssl.conf) handles that
perfectly.
If you use 'ca'; or as Patrick Patterson said, the scripts which do so.
Not 'x509 -req
28 matches
Mail list logo