Was there a change included in the 1.1.0 series which prints names
differently? I've looked, but been unable to narrow down what in specific
changed.
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2n 7 Dec 2017
$ /usr/local/opt/openssl/bin/openssl x509 -in thawte.pem -noout -text |
Hello,
I inherited the code for web-server like server that i need to
maintain. It is setup that when you request a certain URL, the server
will renegotiate and request a client certificate. They said it worked
when they use OpenSSL 0.9.8, but we are seeing issues with 1.0.2l. When
it
On Thu, 2015-01-15 at 04:52 -0800, Adam Williamson wrote:
If anyone can point out what I'm missing I'd be very grateful :)
So I think I may actually know more or less what's going on, now.
Passing -purpose to `verify` seems to really enable only *purpose*
checking. It doesn't actually enable
, Code Signing
No Rejected Uses.
In one of my test cases, this seems to work pretty well. I just try to
connect to my server with s_client, using the two different CApaths.
black:
[adamw@adam tmp]$ openssl s_client -CApath black/ -connect
www.happyassassin.net:443
...
verify error:num=28:certificate
someone please help clarify what exactly to do here?
Thanks,
Adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
On Tue, Jan 28, 2014, at 01:41 PM, Dr. Stephen Henson wrote:
On Tue, Jan 28, 2014, Adam M wrote:
Hi,
I'm reading the documentation for ERR_get_error_line_data() here:
http://www.openssl.org/docs/crypto/ERR_get_error.html
The comments say that 'data' is dynamically allocated
and clean out the internal structures.
I'll let the OpenSSL experts clarify that, however. In any case, the
documentation could definitely be improved in this regard.
-Adam
On Tue, Jan 28, 2014, at 01:33 PM, Jeremy Farrell wrote:
In C:
if ( data != NULLflags ERR_TXT_STRING
On Tue, Jan 28, 2014, at 05:18 PM, Dr. Stephen Henson wrote:
On Tue, Jan 28, 2014, Adam McLaurin wrote:
I suspect this will result in a double free bug, as I don't think memory
ownership of 'data' is actually passed back to the caller (which is why
it's 'const char**'). The error isn't
and links just fine.
Has anyone else attempted this before, I have found very little reference
material online.
My application is having some errors with ECDSA and all prior uses of RSA
succeed as expected.
Thanks in advance,
Adam
The information contained in this electronic mail transmission
indirect crl?
Thanks!
Adam
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On
Behalf Of Jeff Saremi [jsar...@morega.com]
Sent: Thursday, March 17, 2011 3:01 PM
To: openssl-users@openssl.org
Subject: Re: Handling Indirect CRL Issuer
,MEDIUM and HIGH as aliases.
Please can someone provide me more information on this?
For example:
% openssl ciphers -v '-ALL:HIGH'
should give you a list of the HIGH ciphers.
AGL
--
Adam Langley a...@imperialviolet.org http://www.imperialviolet.org
(with the understanding it has not been
validated for compliance).
if this has been discussed already, i apologize. i could not find
anything on this issue, just on whether or not there will be a FIPS
140-3 validation in the future for OpenSSL.
thank you very much,
-=- adam grossman
confuses me:
Re-enable renegotiation but require the extension as needed.
i do not know what it means require extensions. Short of setting
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION , what do i need to do to
have renegotiations work again?
thanks for the patience and hand holding,
-=- adam grossman
already built into the OpenSSL APIs.
thank you,
-=- adam grossman
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Peter-Michael,
thanks for the info, but this is on linux.
-=- adam grossman
On Sun, 2010-04-04 at 19:40 +0200, PMHager wrote:
Adam Grossman wrote:
is there a way i can set a timeout for an SSL_accept, either if the
handshake does not complete within X seconds (prefered), or even
i have done networking programming for a while, and i have never run
across that before. thank you so much, you have just saved me a lot of
development time!
-=- adam grossman
On Sun, 2010-04-04 at 22:34 +0200, PMHager wrote:
Adam Grossman wrote:
thanks for the info, but this is on linux
hello.
After FIPS_set_mode() passes, and i am in FIPS mode, is there anyway to
retrieve a version strings, such as FIPS 1.2 or anything like that so
i can verify that the correct FIPS module is being used?
thank you,
-=- adam grossman
is perhaps OpenSSL compiled with fipsld,
therefore i do not need to use it in my application? i just want to
make sure i understand the role of the fipsld in case i am getting a
false positive...
thank you,
-=- adam grossman
:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:422:
and the problem does not always happen on every connection, but it is
pretty frequent (about half the time). also, this did not happen with
0.9.7.
any ideas?
thanks to everyone yet again,
-=- adam grossman
to host a wiki or
anything like that.
openssl is pretty powerful, but the lack of documentation can make it
rather daunting when you are first learning, or if you need to deviate
from what the sample code you get is doing.
thank you,
-=- adam grossman
. what am i doing wrong?
just as a warning, once this is setup, i have a few more follow
questions.
thanks everyone ahead of time,
-=- adam grossman
__
OpenSSL Project http://www.openssl.org
User
On Thu, 2010-02-04 at 18:09 +0100, Dr. Stephen Henson wrote:
On Thu, Feb 04, 2010, Adam Grossman wrote:
hello once again,
i am trying to get CRLs working for client certs. i have read about a
million different ways of doing this, but this is how i am doing it:
X509_CRL *x509_c
On Thu, 2010-02-04 at 20:17 +0100, Dr. Stephen Henson wrote:
On Thu, Feb 04, 2010, Adam Grossman wrote:
On Thu, 2010-02-04 at 18:09 +0100, Dr. Stephen Henson wrote:
On Thu, Feb 04, 2010, Adam Grossman wrote:
hello once again,
i am trying to get CRLs working for client
On Thu, 2010-02-04 at 15:59 -0500, Adam Grossman wrote:
On Thu, 2010-02-04 at 20:17 +0100, Dr. Stephen Henson wrote:
On Thu, Feb 04, 2010, Adam Grossman wrote:
On Thu, 2010-02-04 at 18:09 +0100, Dr. Stephen Henson wrote:
On Thu, Feb 04, 2010, Adam Grossman wrote:
hello once
On Fri, 2010-01-29 at 01:52 +0100, Dr. Stephen Henson wrote:
On Thu, Jan 28, 2010, Adam Grossman wrote:
hello,
so close, yet so far
i fixed it where the client is sending the it's certs over and the
handshake is complete. but i have two problems:
1. for different
(X509_NAME)
*ca_stack)? that would really make my day.
thanks everyone for all there help on this questions, the past
questions, and the undoubtedly future questions,
-=- adam grossman
On Wed, 2010-01-27 at 23:29 -0500, Adam Grossman wrote:
i am trying to emulate something that mod_ssl does
am i missing?
thanks everyone once again,
-=- adam grossman
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
nevermind... i had blinders on while reading the error, and i just
concentrated on the server. i just noticed the browser says:
Peer does not recognize and trust the CA that issued your certificate.
so i need to go make sure my certs are set up properly.
thanks,
-=- adam grossman
On Wed
i just tried 0.9.7m, and to no avail. i double checked my certs, i made
sure my CA cert on the server is correct, and i am still getting the
same error on the server and the browser is giving to Peer does not
recognize and trust the CA that issued your certificate.
thanks,
-=- adam grossman
something incorrectly?
thanks,
-=- adam grossman
On Wed, 2010-01-27 at 22:01 -0500, Brett Schoppert wrote:
Not sure if the problem I had it is the same as yours, but I meant 0.9.8k (
not 7k ).
I first verified my setup was working ( certs were correct, etc. ) by setting
up client-side SSL
On Fri, 2010-01-15 at 17:06 -0500, Victor Duchovni wrote:
On Fri, Jan 15, 2010 at 04:11:04PM -0500, Adam Grossman wrote:
A simpler question might be (hopefully), is after i call SSL_accept,
is there a way to retrieve all the raw data which was read in by
SSL_accept?
Don't call
On Sat, 2010-01-16 at 11:41 -0500, Victor Duchovni wrote:
On Sat, Jan 16, 2010 at 10:39:13AM -0500, Adam Grossman wrote:
On Fri, 2010-01-15 at 17:06 -0500, Victor Duchovni wrote:
On Fri, Jan 15, 2010 at 04:11:04PM -0500, Adam Grossman wrote:
A simpler question might be (hopefully
Adam Grossman wrote:
One last questions, and i am done bugging you about this...
These are the steps i am taking:
SSL_set_fd(ssl_data-ssl_ssl, sock_fd);
sslbio=SSL_get_rbio(ssl_data-ssl_ssl);
internalBIO=BIO_new(BIO_s_bio());
BIO_set_write_buf_size(internalBIO, 1024
you,
-=- adam grossman
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord
A simpler question might be (hopefully), is after i call SSL_accept,
is there a way to retrieve all the raw data which was read in by
SSL_accept?
thanks,
-=- adam grossman
On Fri, 2010-01-15 at 11:51 -0500, Victor Duchovni wrote:
On Fri, Jan 15, 2010 at 10:57:35AM -0500, Adam Grossman wrote
If so, am I supposed to use X509_STORE_add* for the indirect crl signer cert
and the iCRL?
-Adam Rosenstein
validation error
Am I misunderstanding the intention of the trusted stack? Does openssl provide
an in-memory x509 lookup method (from a stack of X509 *'s) or do I have to roll
my own?
Thanks for all of your answers Dr Henson,
Adam Rosenstein
-Original Message-
From: owner-openssl-us
full chain
CRL checking AND enforce timely updates to the CRL's while keeping our
infrequently used private keys out of normal circulation.
Also, I can confirm that name-constraints are working beautifully.
Adam Rosenstein
Red Condor
-Original Message-
From: owner-openssl-us
Ahh, that explains it. Thanks for looking into it.
The documentation on iCRLs was a little cryptic to me. It said that no
lookup methods were used (?). Now you say the store is also not used.
How
do I get the iCRL into the verification process? Also, does the current
1.0.0 icrl
, 2009, Adam Rosenstein wrote:
I'm using v1.0.0 Beta 3.
Hmm... there seems to be an SKID/AKID issue here:
There is also a bug in the verification code which means it was expecting to
find a CRL for the CRL signing certificate too even if not configured to check
the whole chain
what about
rsa_public_key-n
and
rsa_public_key-e
You could do
BN *n = BN_dup(rsa_public_key-n);
BN *e = BN_dup(rsa_public_key-e);
And do what you want with them (don't forget to free them)
If you are wanting to display them
char *n_txt = BN_bn2dec(n);
char *e_txt = BN_bn2dec(e);
or
tried chains like this:
RootCert-+-IndCRLSigner(crldp=http://x.y.z,issrname=IndCRLSigner)-crl
|
+-EndEntityCert(crldp=http://x.y.z,issrname=IndCRLSigner)
Crl idp == http://x.y.zhttp://x.y.z/
Thanks
Adam Rosenstein,
Red Condor
I'm using v1.0.0 Beta 3.
My code is perl xs glue but it looks something like this:
purpose= X509_PURPOSE_MIN - 1;
cert_store = X509_STORE_new();
revokes= crl_stack;
X509_STORE_set_flags(cert_store, 0);
vpm= X509_VERIFY_PARAM_new();
.
Please, let me know what route I should take from here to get it OpenSSL
installed.
Thank you,
Adam Jaber
(801)586-1480
adam.jaber@dla.mil
smime.p7s
Description: S/MIME cryptographic signature
Hi, I'm trying to write simple AES encryption/decryption routines. I'm
having trouble with the decryption routine, specifically, I get this error:
27013:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:461:
I've included my code below; I compile it with:
g++
On Thu, Jan 15, 2009 at 2:29 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
On Wed, Jan 14, 2009 at 06:17:28PM -0500, Adam Bender wrote:
if (!EVP_EncryptUpdate(ctx, sym_out_buf, out_total, (const unsigned
char
*) data, data_len)) {
ERR_print_errors_fp(stdout
Visual Studio 2005.
Regards,
Adam McCarthy
|
// unsigned char *data = thisisateststring but signed by the private key.
BIO *file = BIO_new_file(my_pub.pem, r);
RSA* rsa_key = PEM_read_bio_RSA_PUBKEY(file, NULL, NULL, NULL);
ERR_clear_error();
if (rsa_key == NULL) { // No errors are logged
algorithms are easily
compiled out.
Does anyone have some suggestions?
All I need is SHA1 and AES128
Thanks,
Adam
The information contained in this electronic mail transmission may be
privileged and confidential, and therefore, protected from disclosure. If you
have received this communication
Not that I got a response, but if anyone was paying attention (and for
anyone who tries to google the problem as I did), I solved the problem by
using gcc 3.3 to compile openssl instead of gcc 4.1. Dunno why it worked,
but there you go.
--Adam
On Tue, 9 Jan 2007, Adam D. I. Kramer wrote
error.
So then I downloaded the latest version of the source, 0.9.8d from
openssl.org, and re-attempted the same compile and install (with and without
the no-asm and compiler optimization flags)...same problem, same error at
the same time.
Any suggestion of where to look or what to do next?
--Adam
the function you want is RAND_status().
--
Adam Mlodzinski
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
one, but
HPUX 11.22 does. Your end-users may need to install one of the random
data devices available from HP (they freely provide /dev/random,
/dev/urandom and their own version of openssl with a bundled random data
device)
SunOS/Solaris 5.6 and 5.7 also lack a random data device.
--
Adam
. Stephen Henson wrote:
On Mon, May 08, 2006, Adam Ringel wrote:
We are using the openssl-0.9.8a library in a program called lftp
to use
FTP over an SSL channel on a Solaris platform. We are getting
an unknown
error when we try to connect to a FTPS server running SecureTransport
4.1.1
We are using the openssl-0.9.8a library
in a program called lftp to use FTP over an SSL channel on a Solaris platform.
We are getting an unknown error when we try to connect to a FTPS
server running SecureTransport 4.1.1
The triggering function is: SSL_connect
The results of a call to
happening).
One more question. If I set RANDFILE to an egd device, will
RAND_load_file(RAND_file_name(x,y),z) behave, and will it happily seeded
the PRNG?
Thanks to all replies,
Adam M.
__
OpenSSL Project
Yo,
[EMAIL PROTECTED] wrote:
Hi Adam,
Thanks for your answer on the OpenSSL mailing list. Firstly, I'm sorry
for contacting you with your personal email address. Currently I can't
join the OpenSSL mailing list (my company has problems with its
reverse DNS zone).
openssl req -engine
ca -engine LunaCA3 -config openssl.cnf -cert CA.crt -keyfile
CA.key -in user.csr -out out -batch
Hope, this helps
Adam
As you can see, the RSA key is present :
# pkcs11-tool --module /usr/luna/lib/libcrystoki2.so -O
Public Key Object; RSA 1024 bits
label: RSA 1024-bit Public Key
Usage
I had the same problem. It took me a few days to figure it all out. Here is
my sample code that works. Let me know if you have any questions. Hope this
helps.
void main()
{
BIO *bmem, *b64, *bmem2, *b642;
BUF_MEM *bptr;
char inbuff[21];
char outbuff[12];
Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Patrick Guio
Sent: Tuesday, November 01, 2005 9:51 AM
To: Adam Jones
Cc: openssl-users@openssl.org
Subject: RE: base64 encode/decode
On Tue, 1 Nov 2005, Adam Jones wrote:
I had the same problem
Hi Manuel,
Thanks a million for the examples. They look great, and will help me
tremendously.
-Adam
On Sun, 23 Oct 2005 21:09:45 +0200, Manuel Schölling
[EMAIL PROTECTED] said:
Hi,
The DTLS paper keeps talking about how similar it is to TLS, but I
haven't really coded TLS either, so
help me much. A simple
DTLS example would help tremendously.
Thanks,
Adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
I am trying to
decode a base64 encoded string. There appears to be something wrong. The read
tells me that I have read 21 which is correct, but my output buffer has nothing
in it. Any suggestions on what is wrong with the code. Thanks in
Advance!
int
main
{
char
*sBase64[21] // this
need to get pointers to
the data to display it (or whatever).
On Oct 13, 2005, at 1:55 PM, Adam Jones wrote:
Visual C++ did not complain nor did it error out when it ran, but you
are correct it does take a BUF_MEM structure. I also added another BIO
method to the code. I also read
Thank you! It finally works...It appears you have to flush the BIO
before you get a pointer to it (as shown in your code below. Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Salz
Sent: Monday, October 17, 2005 12:41 PM
To: Adam Jones
Below is the code I
am using to try and test the base64 encode in openssl. I am using rand to
generate a binary and then encoding that to base64. Instead of using a file, I
want to use memory to output the base64 encoded buffer. This code compiles and
runs, but my output buffer is all 0.
() gives you a pointer to BUF_MEM structure, not a
char*. Your compiler should have yelled at you for that.
On Oct 13, 2005, at 12:41 PM, Adam Jones wrote:
Below is the code I am using to try and test the base64 encode in
openssl. I am using rand to generate a binary and then encoding
I have been told
that EVP_EcryptInit() is obsolete and EVP_EncryptInit_ex() should be used instead. Can anyone confirm
that?
Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nils Larsch
Sent: Wednesday, October 12, 2005 2:38 PM
To: openssl-users@openssl.org
Subject: Re: EVP_EcryptInit() obsolete?
On Wed, Oct 12, 2005, Adam Jones wrote:
I have been told
line
Try not to use that common indiscriminately as it will deplete valuable
entropy from your system.
-Joe
On Oct 10, 2005, at 1:58 PM, Adam Jones wrote:
Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kent Yoder
Sent: Monday, October 10
I have two 128
bit keysgenerated by openssl rand. Does openssl provide a way to BASE64
encode those keys?
ot;hello.b64". Check the man
pages for the "enc" command to find all sort of other options and encodings that
are available. Using the "-d" option, the "enc" command will also decode.
On Oct 11, 2005, at 9:42 AM, Adam Jones wrote:
I have two 128 bit
keys generated
encoding of AES
Keys
The easiest way to do this would be to use a "base64" BIO as a data
filter.
At this point I would highly recommend this book:
http://www.opensslbook.com/
-Joe
PS: My earlier comment about depleting entropy was entirely facetious.
:)
On Oct 11, 2005, at 1:5
Does anyone know how
to generate AES 128, 192, 0r 256 keys using the openssl command
line.
Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kent Yoder
Sent: Monday, October 10, 2005 3:49 PM
To: openssl-users@openssl.org
Subject: Re: Generating AES Keys using command line
openssl rand 16 aes128.key
On 10/10/05, Adam Jones [EMAIL
What type of encryption are you using? And what function are you using to
print it out. I have used cout and it works fine with that.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sheehan, Tim
Sent: Tuesday, September 27, 2005 3:46 PM
To:
, the unique characters are interpreted
incorrectly.
T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Adam Jones
Sent: Tuesday, September 27, 2005 5:09 PM
To: openssl-users@openssl.org
Subject: RE: printing encrypted strings
What type of encryption are you using
I can't compile and
link openssl version .0.9.7g for VC++ 6.0
This is the error I
am getting :
Linking...libeay32.def : error LNK2001: unresolved
external symbol PROXY_CERT_INFO_EXTENSION_freelibeay32.def : error LNK2001:
unresolved external symbol
of the failiure could be?
Thanks
-- Adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
=0
After scanning the archives, I discovered that this is not a good
result. The previous post about this problem remains unsolved. I'm
hoping for some better luck.
Any help would be greatly appreciated - my builds are broken until I get
this fixed.
--
Adam Mlodzinski
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lance Nehring
What does the chatr command show for your executable? Do
the shared libraries have execute permissions?
Thanks for the quick reply - much obliged. If I chatr on openssl, I get
the output below. Looks like I've
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lance Nehring
What does the chatr command show for your executable? Do
the shared libraries have execute permissions?
On a more useful note, here's the output of chatr from my build system.
The openssl libs are listed, but how
How long exactly is ``shortly?'' Wouldn't the release be 0.9.6j, which I haven't
heard anything about?
thanks,
adam
On Mon, Mar 17, 2003 at 08:47:01AM +, Ben Laurie wrote:
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net
Message -
From: Adam Lewis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 13, 2002 10:19 PM
Subject: Re: Upgrading openssl
Thanks. Makes sense. That's been on my mind for quite some time.
ldd httpd gives..
__SNIP__
libmysqlclient.so.10 =
/usr/local
Thanks. Makes sense. That's been on my mind for quite some time.
ldd httpd gives..
__SNIP__
libmysqlclient.so.10 =
/usr/local/mysql/lib/mysql/libmysqlclient.so.10 (0x40014000)
libcrypt.so.1 = /lib/libcrypt.so.1 (0x40039000)
libresolv.so.2 = /lib/libresolv.so.2
I'm running RedHat 7.3 with openssl-0.9.6g. I had openssl installed as the
rpm install from the CD and uninstalled it and installed 0.9.6g from source.
When I try to run mutt or another app that depends on openssl (that was
installed RPM) I get the following error. If I'm not mistaken,
Hi,
I get the following error when running make install on RedHat Linux 7.3 on 3
different machines...
__SNIP__
/bin/sh: -c: line 1: syntax error near unexpected token `do'
/bin/sh: -c: line 1: `pod2man=`cd ../../util; ./pod2mantest ignore`; for i
in doc/apps/*.pod; do fn=`basename $i .pod`;
unsubscribe as well.
--
Adam
http://www.eax.com The Supreme Headquarters of the 32 bit registers
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
and the above 3 fields in it?
Thanks,
Adam
--
Adam
http://www.eax.com The Supreme Headquarters of the 32 bit registers
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
ideasB?
On Fri, 1 Feb 2002, Martin Leung wrote:
Hi Adam,
Only certificate with corresponding private key is meaningful in the
Personal store. Otherwise, you can't use the cert. for signing. To create
one, you need to:
- set up a CA, e.g. use the perl script in the archive
- make a cert req
will be accepted as
'personal certificate. Does such thing exist?
Adam
--
Adam
http://www.eax.com The Supreme Headquarters of the 32 bit registers
__
OpenSSL Project http
,
--adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
some legacy anti-replay or something. The problem exists on
both unix and windows clients.
--adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
On Mon, Jan 14, 2002 at 01:55:53PM -0800, Eric Rescorla wrote:
Adam Wosotowsky [EMAIL PROTECTED] writes:
If the clocks are within say 30 minutes of each other the SSL handshake
will go through without a hitch and communications will flow smoothly.
However, if the clock is set quite a few
Please cc: me an any responses, as I am not subscribed to this list.
openssl appears to require clock synchronization between servers in
order to fully authenticate. Why is this so, and is there any way
to get around it for certain instances?
Thank you in advance for any help.
--adam
/ssl/bin/openssl rsa
-inform NET -in priv.key
Any ideas? The keys were exported from IIS 4...
Thanks in advance...
-Adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Title: [openssl-users] Preverify Password for certificate
I am writing an application and in my code I would like
to verify that a stored password I have will work for a certificate.
Certificate ? Not private key
?
Is there a programatic way to do
this?
I don't know how to do it
Michael Wohlwend wrote:
Hi there,
I'm new to openssl and want to implement a client/server SSL connection. The
difficulty is that the private key is on a smartcard ( it never leaves the card) so
SSL should delegate all signing to the card.
Is this possible at the moment ?
It's easy if
Greetings,
I am writing a client/server app in which the client needs to validate
that the server it is connecting to is actually who it claims to be.
The server is using a self-signed certificate. The logic would
(hopefully) be along the lines of:
1. establish an SSL connection to a
patch!!!
So I guess that I need a patch-2.5 to apply to Apache and OpenSSL. But
where can I get it?
http://www.apache-ssl.org/#FAQ
cheers,
Adam
--
Adam Laurie Tel: +44 (20) 8742 0755
A.L. Digital Ltd. Fax: +44 (20) 8742 5995
Voysey House
Barley
oned above), and compile it.
Q: Does this "compile it" mean "./config, make, make test, make
install"?
Yes, but you don't need to install if you don't want to.
cheers
Adam
--
Adam Laurie Tel: +44 (20) 8742 0755
A.L. Digital Ltd. Fax: +
1 - 100 of 106 matches
Mail list logo