CRYPTO_mem_leaks() to get an indication of the memory leaks.
Assistance would be much appreciated.
Kind regards,
Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
The serial number has to be unique for the issuer (CA).
You can have multiple certificates with the same SubjectName, but the
SerialNumber field has to be unique unless you're using a different
issuer.
Chris
On Sun, Sep 19, 2010 at 10:53 PM, aerow...@gmail.com wrote:
If you generate multiple
On Sep 15, 2010, at 9:51 AM, Lutz Jaenicke wrote:
Forwarded to openssl-users for public discussion.
Best regards,
Lutz
- Forwarded message from Sujatha S sujatha.subb...@gmail.com -
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
Be careful you are not checking the web server from a browser that has the
intermediate certificate installed.
Obtain the root certificate - and only the root certificate - that is likely to
be present in a random user's browser and save it as thawte_root_cert.pem
openssl s_client -verify 10
) mod_jk/1.2.25
mod_ssl/2.2.13 OpenSSL/0.9.8n
Any help or further questions would be appreciated!
Chris
More detailed version of logs similar to those above:
[info] [client ip_address_scrubbed] Connection to child 6 established (server
hostname_scrubbed:8443)
[info] Seeding PRNG with 136 bytes
On Thu, Jun 10, 2010, Chris Bare wrote:
I have 2 different certs with the same subject name in a CA dir:
lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 - other.pem
lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 - ssl.pem
when I try to establish an ssl
the code below works fine if signed = true.
If signed = false, i2d_CMS_bio_stream seg faults.
I've looked through the code inside CMS_sign and didn't see anything else
obvious that I should call.
any suggestions on what I'm missing for an unsigned CMS?
--
Chris Bare
ch...@bareflix.com
Can anyone confirm if OpenSSL 1.0.0a is compatible with Visual Studio 2010?
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
On Mon, 2010-05-10 at 14:43 -0400, Chris Bare wrote:
Is there a way get have X509_verify_cert retry it's path building after it
gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
My idea is to implement a verify callback that uses the AIA information to
download the issuer cert and add
to let X509_verify_cert error out and call
it again?
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
On 05/10/2010 08:43 PM, Chris Bare wrote:
Is there a way get have X509_verify_cert retry it's path building after it
gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
My idea is to implement a verify callback that uses the AIA information to
download the issuer cert and add it to the stack
Hi,
I need to convert an XML certificate meant for a Windows system ( which I
unpacked from a CAB file) into something I can use on a Linux-like
SmartPhone like *.cer or *.pfx format. Is there anyway to use openssl (or
any other tool) to convert from one format to the other ?
thanks
--
Chris
());
}
sslMutex.unlock();
}
// We're not checking if it's a READ or a WRITE lock/unlock
if (mode CRYPTO_LOCK) {
mutexVec[n]-lock();
} else {
mutexVec[n]-unlock();
}
}
Thanks,
Chris
the
directory.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
to work on a patch.
I understand I can make the command line tool with with -verify_other, but in
my code I have no handy way to do that. My users are going to dump all trusted
certs, regardless of purpose, into the trusted store.
--
Chris Bare
ch...@bareflix.com
Can I reuse an X509_STORE for multiple ssl connections, cert verifications
etc, or should I create a fresh one for each operation? If I reuse it will it
continue to grow as it pulls in more certificates?
--
Chris Bare
ch...@bareflix.com
the intermediaries?
Is there a way to hook in my own function to do this? It seems like you have
the info you need during the path building process, and I don't want to have
to duplicate that.
Any other suggestions on the best way to handle this?
--
Chris Bare
ch...@bareflix.com
On Thu, Apr 1, 2010 at 3:11 AM, Jason Haar jason.h...@trimble.co.nz wrote:
Hi there
We have a CentOS-4.8 server that was upgraded to
httpd-2.0.52-41.ent.7.centos4 this week -
You need to upgrade Apache to httpd-2.2.15 (released March 6, 2010)
Your version is years old.
-Chris
Is there a API to extract the X509 cert(s) from a CMS_ContentInfo object?
Looking at the implementation of CMS_add0_cert() I see how to reach them, but
that function depends on things defined in cms_lcl.h, so I can't re-implement
it in my code.
Any suggestions?
--
Chris Bare
ch...@bareflix.com
?
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
What he means, is that the openssl.org web site was down most of
yesterday.. But I see it is working again today.
-Chris
On Tue, Mar 9, 2010 at 2:34 AM, tensy joseph rajanchit...@gmail.com wrote:
What you mean by Downage on 8th March 2010?Can you please elaborate?
On Mon, Mar 8, 2010 at 8
/openssl/lib/libssl.so.0.9.8: hardware capability
unsupported: 0x1000 [ SSE2 ]
-Chris
On Wed, 25 Nov 2009, The Doctor wrote:
I was able to see openssl.org last night MST but not at this current
time.
Works fine for me.
--
_ ___ __ _
/ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer
the 33rd couldn't
be read and imported?
The return value seems really ambiguous to me and there is no way to know if
there was an error or not. Am I just missing something obvious?
-Chris
in wireshark, choose Decode As, then set the
TCP port to and choose SSL from the list.
Cheers, Chris.
--
_ __ _
\ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind
I'm getting almost everything I want but can't figure out how to get
the X509 signature algorithm so I can check for md5 badness. Any help?
Here's my test php:
?php
$mode = ssl;
$host = pop.gmail.com;
$port = 995;
$ca_roots = 'CertificateStore.pem';
$site_cert = NULL;
$context =
I have key.pem and cert.pem I'm trying to convert them to pkcs12 using the
following command:
openssl pkcs12 -export -in cert.pem -inkey key.pem -out pkcs12.p12
I get the following:
unable to load private key
Any ideas?
Chris Miller
allowed/able to
modify the make files in order to use the right compiler where necessary. Is
what I'm talking about really doable?
Best,
Chris Koston
, requestNonce, ASN1_OCTET_STRING, 1)
} ASN1_SEQUENCE_END(CVRequest)
IMPLEMENT_ASN1_FUNCTIONS(CVRequest)
Is the error complaining out the structure I have defined, or the der data it
is trying to process?
As far as I can tell the der data doesn't even contain a requestorRef.
Any suggestions?
--
Chris Bare
ch
call to i2d_CMS_bio_stream, but I also get 0
bytes output to the file. If I comment out the first call, it works fine.
Is there something else I need to reset, or once it's sent, do I have to start
all over with a new cms object?
--
Chris Bare
ch...@bareflix.com
A fix has now been applied, please try the current 1.0.0 CVS, get the next
snapshot or just manually apply:
http://cvs.openssl.org/chngview?cn=18310
Steve.
I built from the latest CVS and it now works fine. Thanks for the fix.
--
Chris Bare
ch...@bareflix.com
is sending back some data, but
BIO_read returns -1.
Any suggestions?
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
-rbio (nil)
ssl-wbio (nil)
So naturally, after that the next call to BIO_read (output) fails.
why would the bio's be getting set to null?
Is there some other flag or function I need to use to prevent this?
--
Chris Bare
ch...@bareflix.com
code.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
I'm trying to understand the ASN1 macros like:
ASN1_SEQUENCE
IMPLEMENT_ASN1_FUNCTIONS
etc to implement my own structures.
What examples in the code would be best to follow, especially for nested
structures with optional elements?
--
Chris Bare
ch...@bareflix.com
or pointers would be appreciated.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
to
write it to a socket in DER format, not base64.
Also I need to figure out how to build up other ASN1 structures to go inside
the ContactInfo. I hoped looking at the CMS code would give me an example to
follow, but if so, I haven't figured it out yet.
--
Chris Bare
ch...@bareflix.com
-
What this article says is this: if you *received* data from TCP
connection it will be without duplication or losing data. It doesn't
say: if you *send* data it will be received correctly by other host.
It's impossible to garantee.
--
Andrey Koltsov
With TCP you basically don't know
On Mar 3, 2009, at 11:15 PM, Peter Byldner wrote:
Chris,
you can use command asn1parse to analyze the s/mime data stream.
Awesome. Thanks.
Using this:
openssl smime -decrypt -in crypt.eml -recip cert.pem -inkey
cert.key.pem -pk7out | openssl asn1parse
Works great. It's reporting my
I've been using openssl smime to learn a bit more about how it works
and have managed to decrypt and verify messages.
I was wondering if there's a way to feed openssl an S/MIME message and
get information about what encryption algorithm was used... Any help
appreciated.
that's compatible with being run inside Apache.
Cheers, Chris.
--
_ __ _
\ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind your software
on the same port. Configure Tomcat to use a
different port for HTTPS.
Cheers, Chris.
--
_ __ _
\ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org
-key_cryptography
Hint: the private key is NOT in the packets.
Cheers, Chris.
--
_ __ _
\ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org
the same way as the one on
Linux/Unix does. No magic. If your Windows shop finds that too difficult
to deal with (e.g. having to remember command line options) then I'm not
aware of an OpenSSL GUI that could be used. Perhaps PGP for Windows might
provide what you want, with a GUI?
Cheers, Chris
All -
I am using OpenSSL with memory BIOs for the communication. I have
everything working just fine, until I came across a server that sends
Application data in the final packet of the TLS handshake.
Specifically, Wireshark shows the following in its output :
Change Cipher Spec,
certificate to 2's
bundle).
Cheers, Chris.
--
_ __ _
\ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org
!
--
Thanks,
Chris de Vidal
You're a good person? Prove it and win:
TenThousandDollarOffer.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
We need to change the hostname of our CA. Actually, we'll be moving
from CentOS 3.9 to Windows 2003, from built-in OpenSSL to XAMPP's
OpenSSL. But it seems to me that the only difference that SSL clients
will notice is the new hostname.
Anyone know how to do this?
--
Thanks,
Chris de Vidal
can just shut down the old CA and start
up a new one? I'll add the new CA cert to the list of trusted root
CAs through Active Directory.
--
Thanks,
Chris de Vidal
You're a good person? Prove it and win:
TenThousandDollarOffer.com
Client: Mac OS X 10.5.5 (OpenSSL 0.9.8g 19 Oct 2007)
Server: Astaro Security Gateway (with self-signed certificate)
Background:
This broke months ago and I have never been able to figure out where
the problem is. The problem started when I was upgrading this
appliance from Version 6 to
on why this works?
On Tue, Aug 26, 2008 at 2:50 PM, Chris Zimmerman
[EMAIL PROTECTED] wrote:
Well, those attributes will work (minus the IKE one-it was not
recognized) but the Watchguard does not assign it with a type of
IPSec, so I've contacted Watchguard support to request the expected
to require this.)
-Kyle H
On Mon, Sep 8, 2008 at 2:29 PM, Chris Zimmerman
[EMAIL PROTECTED] wrote:
Here's what I had to add to the config to get it to work (as listed by
the vendor):
[ new_oids ]
pkixeku=1.3.6.1.5.5.8.2
ikeIntermediate=${pkixeku}.2
[ usr_cert ]
keyUsage
That command seems to have a syntax problem, showing: unknown option
[cert.pem-inserted my cert here]
On Mon, Aug 25, 2008 at 10:55 PM, Tim Hudson [EMAIL PROTECTED] wrote:
Chris Zimmerman wrote:
I am working to setup a Watchguard firewall with x509 certs for VPN
tunnels. I have created my
:4e:
ed:ec
On Tue, Aug 26, 2008 at 9:14 AM, Kyle Hamilton [EMAIL PROTECTED] wrote:
openssl x509 -in [filename] -noout -text -inform PEM
-Kyle H
On Tue, Aug 26, 2008 at 8:44 AM, Chris Zimmerman
[EMAIL PROTECTED] wrote:
That command seems to have a syntax problem, showing: unknown
What is the appropriate section?
Sorry if this is a basic question, but I am working on improving my knowledge.
On Tue, Aug 26, 2008 at 10:24 AM, Patrick Patterson
[EMAIL PROTECTED] wrote:
Chris:
On Tuesday 26 August 2008 12:58:22 Kyle Hamilton wrote:
There is no ExtendedKeyUsage extension
, Chris Zimmerman
[EMAIL PROTECTED] wrote:
What is the appropriate section?
Sorry if this is a basic question, but I am working on improving my
knowledge.
On Tue, Aug 26, 2008 at 10:24 AM, Patrick Patterson
[EMAIL PROTECTED] wrote:
Chris:
On Tuesday 26 August 2008 12:58:22 Kyle Hamilton
This /should/ do it, but since I don't do anything with IPsec I can't
test it. My reference is
http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
-Kyle H
On Tue, Aug 26, 2008 at 1:17 PM, Chris Zimmerman
[EMAIL PROTECTED] wrote:
Thanks to all of you in your assistance. With the recommended changes
I am working to setup a Watchguard firewall with x509 certs for VPN
tunnels. I have created my own CA on my laptop and I have created a
CSR on the Watchguard product. I have then signed the CSR with my CA
certificate successfully which then imports into the Watchguard.
Here's the problem:
);
CRYPTO_set_locking_callback( ( void (*)( int, int, const char *, int
) ) openSSLLockCB );
}
static void freeOpenSSLLocks()
{
CRYPTO_set_id_callback( NULL );
CRYPTO_set_locking_callback( NULL );
}
Chris,
On Wed, Aug 13, 2008 at 6:27 AM, Kyle Hamilton [EMAIL PROTECTED] wrote:
Most
ESI = 0003
EDI = EIP = 109549E0 ESP = 022DFD14 EBP = 022DFEE4 EFL = 0202
Thanks
Chris
--
Chris Hatko
Email: [EMAIL PROTECTED]
iMsg: [EMAIL PROTECTED]
__
OpenSSL Project http
This is a completely stupid question, but is there a command line option
from openssl to add use CRLF instead of just CR. Running unix2dos after
the file is made is not an easy option in Windows...unfortunately.
Chris Hinshaw
Avocent - Redmond Engineering
[EMAIL PROTECTED]
by OpenSSl, there is no problem.
-Chris
On 7/17/08, Alan Wolfe [EMAIL PROTECTED] wrote:
Thats kind of difficult because we are making a retail video game that uses
libcurl to talk http for one of the minor features the game has.
We've already had commercials on tv and tons of advertisements
the Alleged prefix, providing you list them as the trademark
owner.
Disclaimer: I am not a lawyer, and I suggest you contact RSA directly
to confirm this information on your own.
-Chris
__
OpenSSL Project
I tried this here, and it accepted the Organization Name that you provided
long Name problems making Certificate Request without any errors.
As you can see, this name is only 45 characters long, and the maxsize
is 64 characters.
-Chris
On 6/9/08, Florian Lindner [EMAIL PROTECTED] wrote:
Hallo
GMT
notAfter=Feb 10 13:05:22 1902 GMT
Clearly it wrapped around and subtracted 68 years from 1970 instead of
adding 68 years.
Is there a plan to remove this limitation ?
I am seeing this on openssl-0.9.7m.
Thanks
Chris Kottaridis([EMAIL PROTECTED
Chris Kottaridis([EMAIL PROTECTED])
On Thu, 2008-06-05 at 18:22 +0100, [EMAIL PROTECTED] wrote:
Hi,
When trying to make a certificate for 30 years seems you run into the
2038 date limitation. Seems the code converts date to a signed int in
seconds since 1970 and now that we are within 30
date ?
Thanks
Chris Kottaridis([EMAIL PROTECTED])
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
.
Thanks
Chris Kottaridis([EMAIL PROTECTED])
On Thu, 2008-06-05 at 17:42 -0400, Jim Adams wrote:
What OS did you have this problem on? I use Openssl 0.9.7m on Windows to
generate
certificates, and I was able to generate certs beyond 2038
generally accepted that on 32 bit
machines you can't generate certificates past 2038. That's really all I
was looking for here is that it's just generally accepted to be a
limitation.
Thanks
Chris Kottaridis([EMAIL PROTECTED
On 5/15/08, PoWah Wong [EMAIL PROTECTED] wrote:
Is there some cipher suites more secure than SSL_RSA_WITH_RC4_128_MD5
(RC4-MD5) so that they should replace RC4-MD5?
The AES 256-bit cipher suites are not only more secure then RC4, they
are also much faster. :)
-Chris
supports RC4
then it will be selected instead.
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
of the
SignedInfo element?
Thank you for your continued help.
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, 5 February 2008 6:34 a.m.
To: openssl-users@openssl.org
Subject: RE: RSA_verify problem
Hello,
I am now
and Exponent values match those that are received on the client.
Is there some step I am doing incorrectly or something I am still missing?
Thanks
Chris
I have a server application using openssl, and I have a server
certificate which is chained to a root CA via intermediate certificates
If I load the chained certificates onto the clients, all works well, but
then I have to do this on every client.
I feel sure there is some trivial way to
and assigning
them to a RSA structure (n and e).
5) Calling RSA_Verify with 'NID_sha1', the 20 byte hash, the 128 byte
signature value, a signature size of 128, and the previously populated RSA
structure.
Is there something I am doing incorrectly here?
Thanks
Chris
I have modified this and am passing the Base64 decoding length to Bn_bin2bn
but I still get data too large for modulus errors. The modulus is 128
bytes, the exponent 3 bytes and the signature value 128 bytes. The message
digest is 20 bytes.
Is there anything else I can check?
Thanks
Chris
);
At the moment the error I get is bignum routines:BN_mod_inverse:no inverse
but I think this is because my exponent length is zero and maybe the modulus
length is incorrect.
Could you offer any further suggestions please?
Thanks
Chris
would really be appreciated.
Many Thanks
Chris Brown
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
but I'm confused about what I should be passing to
RSA_verify, in what format it should be and whether I need to format in
anyway the values I am extracting from the xml before I pass them to the
function.
Any help anyone can offer would be much appreciated.
Chris
Hi all,
Anyone have experience of using ACs, or know where practical examples can be
found? I've been reading RFC 3281, but it would be nice to look at some
real-world code ...
Thanks,
--
Chris Gray/k/ Embedded Java Solutions BE0503765045
Embedded Mobile Java, OSGihttp
InstallShield or Wise installer
installation, and these files can be placed in the same directory as
your main application. There is no need to register these DLL's in
Windows.
-Chris
__
OpenSSL Project
for XMMWORD?
Can anyone tell me how XMMWORD should be defined?
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
/cw0399sf(VS.80).aspx
which indicates that I need a newer ML from VS2005. Is that correct?
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
It mentions that the following include file is needed to assemble SSE3
instructions: 'include ia_pni.inc'
Can anyone tell me where to find this, or of there is a simpler
solution for compiling 0.9.8F for Windows?
- Chris
are:
COPYING
nasm.exe
ndisasm.exe
Can anyone tell me what I am doing wrong?
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
? Or is there something else I can try?
openssl x509 -noout -fingerprint -in server.crt
SHA1 Fingerprint=6B:41:50:43:6A:E9:26:CB:66:98:19:20:42:11:BF:9E:68:AA:E0:34
Thanks,
--
Chris
A quick update on this issue. After digging through some untouched
code, I discovered that the server was writing data directly to the
port instead of the SSL_SOCK_Stream. Problem solved. Thanks for all
of your help.
On 12/11/06, Marek Marcola [EMAIL PROTECTED] wrote:
Hello,
Hrm... ssldump
server. I am getting
a Length mismatch error following the client key exchange. In this
run, the server ctx is set to receive SSLv23, the ssl on s_client was
not specified. Would the Length Mismatch indicate a bad key?
Thanks,
Chris.
New TCP connection #5: localhost.localdomain(41722
On 12/11/06, chris busbey [EMAIL PROTECTED] wrote:
On 12/11/06, Marek Marcola [EMAIL PROTECTED] wrote:
It almost seems like the server is accepted SSL3 msgs, but sending out
another protocol type. Any suggestions?
If you using Linux, can you send ssldump or wireshark dump
of this session
Another trial forcing tls1 on both sides of the connection did not
result in the above Length Mismatch error. Here is the output of
that trial's ssl dump. Any thoughts?
New TCP connection #67: localhost.localdomain(42489) -
localhost.localdomain(5758)
67 1 0.0032 (0.0032) CSV3.1(95)
On 12/11/06, Marek Marcola [EMAIL PROTECTED] wrote:
Can you send ssldump with -aAdN options ?
Certainly. (Certificate details have been obfuscated)
New TCP connection #8: localhost.localdomain(48429) -
localhost.localdomain(5758)
8 1 0.0028 (0.0028) CS SSLv2 compatible client hello
Version
On 12/11/06, Marek Marcola [EMAIL PROTECTED] wrote:
This TLS1 looks good, but sorry I've forget xX options,
so output from ssldump -aAdNxX should give more information
(SSL packet dump) with ending error.
Hrm... ssldump fails during the handshake with a 'Length Mismatch
error with the xX
On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Fri, Dec 08, 2006, Chris Covington wrote:
On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
Windows allows up to 32 character passwords. It seems when openssl
exports a 32 character password pkcs12 file, Windows does
the password is incorrect. Has anyone found some kind of
limit to the Export password Windows can use?
Chris
ps - the openssl Export password can be up to 31 characters. Once I
hit that 32nd character, Windows doesn't recognize the password.
However, if I use the Active Directory CA, I can correctly import the
32 character password?
Chris
? I'm using 0.9.8.d
Chris
On 12/8/06, Chris Covington [EMAIL PROTECTED] wrote:
ps - the openssl Export password can be up to 31 characters. Once I
hit that 32nd character, Windows doesn't recognize the password.
However, if I use the Active Directory CA, I can correctly import the
32 character
On 12/8/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Fri, Dec 08, 2006, Chris Covington wrote:
pps - if I import the openssl pkcs12 bundle with a 31 character
password, then export it using the Windows GUI with a 32 character
password, that 32 character password works as well. How can
character password under Windows excludes
the double null terminator. If so then thats a bug on Windows.
Thanks for looking into it! Let me know if I can help in any way.
Chris
__
OpenSSL Project http
On 11/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
I am using openssl 0.9.7a running on Linux RedHat 9.0.
Maybe you should try using a recent version and seeing if the problem
still persists?
Chris
__
OpenSSL
101 - 200 of 368 matches
Mail list logo