on is still succeeding even after 30 days. Can someone please
tell me what I'm missing?
-David-
__
OpenSSL Project http://www.openssl.org
User Support Ma
Sorry to prolong this thread, but does the function X509_CRL_verify()
actually check to see if the CRL has expired? If not what function
performs this verification? I'm confused as to the actually mechanics of
using the default_crl_days in code.
-David
> That'd do it. But if you're doing the loop in that sequence, and
> if you have
> set non-blocking on the sockets, then instead of polling for the
> connection
> you can use select or poll (depending on your platform) to wait
> for incoming
> connection activity, then enter ssl_accept in blocking
Why will a ca generated in openssl result in an authentication error if
this root cert is installed on a phone? I am using the root cert to
validate a java signed "midlet" for a phone...
The phone does not use any other certs to validate my cert and it does
not access the web to validate a cer
to the
phone etc, but the certs I create do not validate a java midlet I
get an authentication error.
Please help!
David
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
> This is a follow on from my last post as the text lost its formatting.
>
> How do I change the utc time of a certificate to a smaller format
> (whilst creating a cert):
> 18082107Z - there are lots of zeros in this format, openssl
> gives less.
There is never more than one way to re
make them work).
The commands are fairly similar, just create a .bat file with those
commands and things should work.
David Templar wrote:
I think I can help you with PC certs - I am having trouble with phone
certs though :(
openssl genrsa -out ca.key 1024 (or whatever size key you want) you
I think I can help you with PC certs - I am having trouble with phone
certs though :(
openssl genrsa -out ca.key 1024 (or whatever size key you want) you can
also chose dsa or dsa1 etc
and
openssl req -new -x509 -key ca.key -out cacert.pem -config [the name of
the config file] - you can als
e my certs (if I have 1 old cert on the phone) but it considers
it as part of the old cert - with its expiry date etc?
David Templar wrote:
Ignore my last post - I forgot the extra 0s are the hhdd etc...
But I am having a problem - I have deleted all files on my phone, but
I cannot get it to
s appreciated!
RGDS
David
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Thanks.
David Schwartz wrote:
I am having a lot of problems importing a certificate made in openssl
into a phone, but I can get a keytool certificate imported. The only
thing is that I need to change the V1 cert (keytool only makes V1) to a
V3 cert - can openssl modify a cert to a V3 (without
This is a follow on from my last post as the text lost its formatting.
How do I change the utc time of a certificate to a smaller format
(whilst creating a cert):
18082107Z - there are lots of zeros in this format, openssl gives less.
Also, how do I add a friendly name object - I have trie
Hi,
I am still stuck on the phone cert creation, but I am inching closer!
How do I generate a cert with only the below data to be included in the
certs? What should be openssl.cnf have? What should be my genrsa be? and
do I need to do anything else? I have attached the asn1parse output of
the
> I am having a lot of problems importing a certificate made in openssl
> into a phone, but I can get a keytool certificate imported. The only
> thing is that I need to change the V1 cert (keytool only makes V1) to a
> V3 cert - can openssl modify a cert to a V3 (without changing anything
> else)?
I am having a lot of problems importing a certificate made in openssl
into a phone, but I can get a keytool certificate imported. The only
thing is that I need to change the V1 cert (keytool only makes V1) to a
V3 cert - can openssl modify a cert to a V3 (without changing anything
else)?
_
motorola phone, but the openssl
cert can be installed (it is not fully recognized though).
How do I configure openssl to create a root certificate exactly like the
microsoft one (except for the key etc...)?
Thanks.
David
00ú Á <<Ñ>[EMAIL PROTECTED]
*H÷
. I have changed the
extension of the attached cert to .txt as the openssl forum does not
accept .crt.
Thanks for your great tip! I am now 90% there!
RGDS,
David
Dr. Stephen Henson wrote:
On Tue, Jul 12, 2005, David Templar wrote:
Hi all,
I am really stuck and have tried all I can - I
Thanks, I will try this within the next hour to see what happens. Is
there a key size or any other issues that I need to consider when I
generate a new cert now?
Dr. Stephen Henson wrote:
On Tue, Jul 12, 2005, David Templar wrote:
Hi all,
I am really stuck and have tried all I can - I
orum or to anybody
who
knows flex operating system (the one from Motorola).
Daniel
Díaz
[EMAIL PROTECTED]
De:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] En
nombre de David Templar
Enviado el: martes, 12
de julio de
2005 20:01
Para:
openssl-users@openssl.org
Asunto
because openssl (I have been using
for many years) comes with cert creation abilities - it has helped me
for many years with PC java!
Also, I was hoping I would be able to ask many crypto experts on the
forum!
RGDS
David
Pablo J Royo wrote:
I suppose this is not the right forum to ask for
and appreciated - even if you cannot help,
please tell me where I can get some help...
Thanks in advance,
David
0©0 0
*H÷
0y10 UUS10UIllinois10ULibertyville10U
Motorola Inc10
UPCS10UMotorola Java CA400
03082107Z
posting does not allow .crt files to be attached.
Please tell me how to create my own certificates like it either using
openssl or any other tool.
Thanks in advance,
David
0©0 0
*H÷
0y10 UUS10UIllinois10ULibertyville10U
Motorola Inc1
Hi all,
Please help me! I am trying to work out the format of this certificate
and then make my own certificates like it. It is a root certificate for
verification of signed java midlets on a moblile phone (Motorola).
All help appreciated. I need to know the type, format and how to make my
o
> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
> others' public keys) without havign their private keys presented to the
> signer?
Of course,
> [For having to bring private key along with the public key sort fo
> defeats the whole purpse PKI.]
Exactly.
Thanks for the reply, don't know how I missed that
one, perhaps the name SSLv23 is confusing because it
doesn't contain TLS.
-David
--- Cesc <[EMAIL PROTECTED]> wrote:
> Why don't you try SSLv23_client_method()?
> You can also use the set_options (for the SSL
>
()
first, and if that fails then try
SSLv3_client_method()? Can these be done over the
same socket connection or will the server disconnect
if TLSv1 is not supported?
Thanks,
-David
__
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email
wer might be whatever
"openssl ciphers" prints out:
"EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA: etc."
Thanks for any comments,
-David
Yahoo! Sports
Rekindle the Rivalries. Sign up for Fantasy
> I see things for adding entropy, loading files, etc. I don't see
> anything about generating random numbers. Am I missing something so
> obvious if it was a snake it would have bitten me by now?
RAND_bytes
DS
___
> Generating one or two random numbers over a period of time isn't a big
> deal. Generating 100,000+ 128 bit random numbers an hour taxes
> /dev/random and /dev/urandom. Even the use of EGAD doesn't help.
Right.
> If you re-read the thread you will see that I wrote what I thought was a
> I can't add anything beyond what is available on a AMD or Intel
> motherboard. So is there a built-in HRNG that I can get to (if so, where
> is the driver for it)?
Use /dev/urandom to seed your own PRNG. Or use it to seed OpenSSL's
PRNG.
Why are you asking on this list anyway?
Strictly speaking 1.2.840.113549.1.5.13 is the OID for the "PBES2 encryption
scheme" from PKCS#5 V2.
Dave
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listope
Gurus,
Two questions (perhasp I should have split this)
#1 When I look at Thawte or VeriSign certs that a server has there is a heirichy, Thawte then Me or VeriSign then Me.
Well I made my on CA and signed some certs but they don't have the heirichy like the commercial ones. What gives? Do
. non-voluntary.
At 07:20 PM 6/16/2005, you wrote:
On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:
> Like the commentator, I'm also a little guy. In my case, I'm a retired
guy
> who got his intro to this stuff from Entrust. I got convinced that their
> two (or mor
> Pease help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforseen vulnerability. This is, IMO, as likely as that it will protect
against some unforseen vulnerability -- the alleged reason for the scheme.
DS
__
row, it just
allows for it to happen when appropriate. Yet, it allows for a separation
of confidentiality and identity proof.
David Kurn
At 06:07 PM 6/16/2005, you wrote:
Like everyone else, I say this consultant doesn't know what he's
talking about (I'm tempted to ask you t
> Thanks all for replying. More heated debates I guess.
How can there be a heated debated when there is not yet one argument
advanced in favor of the double certificate scheme?
DS
__
OpenSSL Project
I've not been there, but is it possible that this is a PKCS#12 bag?
Dave
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
Thank you Heikki Toivonen and Goetz Babin-Ebell, your
suggestions were very helpful.
-David
> david kine wrote:
> > How does one load verify locations into a SSL_CTX
> from
> > in-memory X509 certificates?
>
> You can get the X509_STORE from the SSL_CTX.
> There yo
>If you want to separate the signature key from the encryption key, you
should have 2 keys, and not one key with 2 certificates.
Totally agreed - the reason for using key separation is that encryption keys
will (typically) have a shorter life time than signing keys (at least for
certificate valid
I am writing an SSL client which utilizes a PKCS12
keystore.
I am able to create the keystore using OpenSSL
utilities, read the .p12 file using d2i_PKCS12_fp(),
and parse it using PKCS12_parse(). The X509 and
STACK_OF( X509 ) return parameters are all correct.
The next thing I need to do is set
Howsabout using openssl req ?
That does what U want I think you will find.
Dave
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Au
> I was wondering if there is a list of all the hardware
> accelerators that openssl supports? Or at the very least if
> someone can tell
> me if this card from Intel would be supported by OpenSSL.
>
> http://www.intel.com/network/connectivity/products/pro100dport_adapter.htm
As I unders
> I want to use timeout with select and I wonder how to "cancel" operation
> (SSL_read or SSL_write non-blocking) that caused SSL_ERROR_WANT_READ (or
> *_WRITE). I've got messages queue to send (and one for received too). If
> I cannot send whole particular msg within some time (5 sec) I want to
>
> What I think is as its the application's responsibility to retry
> the "same" openssl operation whenever it receives a WANT_READ or
> WANT_WRITE, why cant we simply overwrite the buffer that is passed
> to say SSL_write with the next payload that needs to be sent when we hit
> that error code, i
> Ok...
>
> Sorry, maybe that was the wrong question altogether...
> I am trying to signal my blocking connection thread to end while
> OpenSSL is
> negotiating a connection with SSL_connect.
>
> Is there any way to tell SSL to stop once it enters SSL_connect, perhaps
> with a non-blocking appr
> Hi all quick question of you guru's.
>
> If I wish to check to see if data is ready to be read on my SSL connection
> do I just use normal "select" or is there something in the SSL libraries
> that I need to use?
You aren't asking a precise question. For example, if there's data that
co
Hello.
I am trying to connect to a secure
(https) webserver using PHP. The problem is that PHP needs to have
https as a registered stream (which it doesnt). I have installed OpenSSL,
and enabled the extensions in PHP.
Can I assume that OpenSSL doesnt add https as a
registered stream, o
startup from an initialisation file
(encrypted). I also noticed ENGINE_load_private_key etc use a
UI_method prompting for passphrase. Is there any way of initialising
the engine and keys etc without any user interaction?
David
> Adding to David's response...
>
> MSG_PEEK is problematic on some systems. On Windows for example
> (maybe only
> the 9x series, but a problem none-the-less) using MSG_PEEK will
> effectively
> freeze the contents of the buffered data that can be seen with MSG_PEEK,
> meaning that any further p
> Dr Stephen,
> I want to map recv(fd, buffer, SEGMENT_LEN, MSG_PEEK)
> to some kind of SSL_read.
>
> MSG_PEEK
> This flag causes the receive operation
> to return data from the
> beginning of the receive queue without
> removing that data from
> the q
> sprintf(head,"GET /index.html HTTP/1.1 \t\n\t");
That should be "GET /index.html HTTP/1.1\r\nHost: \r\n\r\n".
For
an HTTP/1.1 request, a 'Host' header is required. You also have to handle
chunked encoding if you claim 1.1 compliance.
> memset(read, 0, sizeof(read));
> res = SSL_read (
corresponds to the public key in it.
>
> You can now prove that you are you by presenting the certificate and then
> proving that you know the private key. This is usually done by challenging
> you to sign something with it or decrypt something with it.
>
> DS
On step 6, I thin
> Thanks to the both of you...Josh and Ken.
>
> My questions got answered and I have a better understanding.
>
> and now --
>
> So - I put SSL inside an i-frame and when the user comes into my website -
> accepts my certificate - from that point on all documentation sent either
> back and forth is
Have you installed the CA cert on the cisco?
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: [EMAIL PROTECTED]
Web: www.comsquared.com
ray v wrote:
Has anyone been able to get a certificate signed by
openssl CA to accept the identity certificate?
1. Gen manual pkcs10
vate key.
Ok, so if it is not a problem if the cetifiacte is intercepted, how to "prove
that you are the party the certificate was issued to by demonstrating
possession of the private key " ?
Is it a special configuration the VPN ?
thx
david
Protek-on: CaraMail met en oeuvre un nouveau Concept de Sécurité Globale -
www.caramail.com
> This is why in my other replies to whomever - I made the
> statement about how
> fast all this can be done. It takes at least 3 good handshakes to get
> onboard a SSL site - but, what matters the most is that
> &*_*&)^&^)*_**;qwepqowifskljfas that surrounds the key - is intact and not
> minus o
> > > if somebody intercepts the certificate while it is in transit
> > > on the network, this person can use this certificate ?
> > If you have a certificate you can verify something that's been signed
> > with the private key, or you can encrypt something so that only the
> > holder of the priv
cepts a certificate it can use the VPN ?
(because the VPN server accepts all connection if it knows CA which signed the
certificate of the user)
thx for your answers
david
Protek-on: CaraMail met en oeuvre un nouveau Concept de Sécurité Globale -
www.caramail.com
Ok,
if somebody intercepts the certificate while it is in transit on the network,
this person can use this certificate ?
How a CA knows that the certificate is used by the good user or not in this
case ?
> De: Rich Salz <[EMAIL PROTECTED]>
> A: david <[EMAIL PROTECTE
When a CA signs a certificate request , then the certificate is sent to the user . for this, is the certifictate automatically encrypted with the user public key ?
thx
david
Interview 50 Cent 100% I am what I am...
hi all,
what is the use of the req_attribute "challengePassword" in a certificat request ?
How is it used ?
In which case is it used ?
thx
davidLa puissance n’est pas innée : elle se construit. Cliquez ici pour découvrir Nike Free !
> We're currently using the following to read a key from disk and use it
> in our application:
>
> SSL_CTX_use_certificate_file(my_ssl_ctx_save,"./SSL/pubcert.pem",S
> SL_FILETYPE_PEM);
> SSL_CTX_use_PrivateKey_file(my_ssl_ctx_save,"./SSL/privkey.pem",SS
> L_FILETYPE_PEM);
>
> This works, however,
> If using the third process to hold the SSL connection act like stunnel,
> But the performance is slower, so I prefer without the third process.
It's hard to give you good suggestions without knowing more about the
specifics of your application. But I think it should be possible to make
> But the SSL object structure is too complex,
> it containing too many pointer, and many other object pointer which also
> containing pointer.
>
> That is hard to translate all of them.
>
> Is there any method, that just pass some element of SSL structure
> connection
> to [Request Handler], then
Probably a good thing - all these zip files have been virus infested and I
don't think they are related to this mailing list at all in fact.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rajeev Aggarwal
Sent: 04 May 2005 11:47
To: openssl-users@openssl.
> Okay, interesting development. If I put a sleep(5); on the C client
> before I issue SSL_connect (but after I BIO_write "ssl on\n"),
> everything works fine. Otherwise both client and server deadlock on
> read/recv.
Makes perfect sense. The problem is that the server has already receive
3.2 million certs! That's going to be "fun" when you get to certificate
rollover time!!!
What CA you using (I guess not openssl ca for that volume).
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ray v
Sent: 29 April 2005 05:00
To: openssl-users@
Also I'm surprised to see V3 cert with no KeyUsage section ...
It would also would be more normal to use Extended Key Usage to say it is
good for SSL Server etc. rather than use the old NetScape Cert Type ...
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Beh
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
Netscape Comment:
OpenSSL Generated Certificate
is why it is failing. The server certificate needs:
X509v3 extensions:
2 CMS specification
On Tue, Apr 26, 2005, David C. Partridge wrote:
> Is there any expectation that openssl will be enhanced in the near future
to
> support the current CMS specification which I think is RFC3852? If
> possible retaining support for the old PKCS#7 "Signed and Enveloped
Hello,
I am running fedora core 3 and trying to install openssl
0.9.7g. I am using gcc version 4.0.0 20050308, and GNU ld version
2.15.94.0.2 20041220.
using ./config no-asm shared
I get a huge list of errors similar to the following:
libcrypto.a(co86-elf.o)(.text+0x8c0)
Is there any expectation that openssl will be enhanced in the near future to
support the current CMS specification which I think is RFC3852? If
possible retaining support for the old PKCS#7 "Signed and Enveloped" message
format?
TIA
Dave
I am trying to access module protected keys with openSSL on an nCipher
HSM. We have been able to do this both using the with-nfast predicate
and through the openSSL code ENGINE_load_private_key. These both
prompt interactively for the password to access the keys.
Does anyone know of anyway that thi
t_error() where I can see something like
SSL_ERROR_WANT_READ) I can call?
Thanks,
-David-
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
config ca-manager.cnf -gencrl -out ca.crl
BUT it does not change anything, the client can connect to the server, I think the server does not check the CRL !
How can I do to tell to the server/client to check the CRL ???
thanks
david CaraMail met en oeuvre un nouveau Concept de Sécurité Globale
> Thanks for the info. One last question :) So if I am using blocking
> sockets, than would I ever get a WANT_WRITE error? I'm guessing no?
No, it should just block until it gets some application data or can send
the application data.
> But if I am using BIO pairs, and blocking socket
> > There may not be any application data, but there should
> > be data sent over the SSL connection.
> Protocol data? Like an ack for some previous data sent?
Well, remember no data at all can be sent until a key is negotiated. So
if
you immediately call SSL_write, it will be unab
> Yes, I think I understand what you are saying. If I get a
> WANT_READ from a
> call to SSL_write, that means I need to read some data before I can send.
Not quite, it means the OpenSSL engine must read some data (from the
socket) before you can perform the 'write' logical operation on
> Thanks for this explanation. As I read more, I think I am
> getting a better
> understanding of this. So unlike normal tcp connections, where a
> read juts
> reads, and a write just writes, SSL_read may write, and SSL_write
> may read.
> This is all done under the hood, so I don't need to be c
> I have an app where reads and writes happen from different threads.
> Now, ideally, one would envision that I just replace the reads/writes
> with SSL_read/SSL_write. Now I know it is not as simple as that.
You need to wrap each SSL connection with a lock and hold that lock when
you ca
g, or can I only use AF_INET sockets with BIOs?
Thanks in advance!
-David-
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openss
>I read many posts about multiple threads accessing
> a single SSL connection for read/write. I am still
> confused about the usage. What exactly is the truth?
You cannot access the same SSL connection from more than one thread at a
time.
> If I have a client SSL connection that
I dont have my book handy today, but is TLS just
another name for SSL or is it different? My development
group is looking into encrypting a client server app data
stream before putting it on the wire.
Im thinking that TLS is better suited for that.
--
David Gianndrea
Senior Network Engineer
> Is there any alternative API for SSL_CTX_load_verify_locations?
> SSL_CTX_load_verify_location ends up using STDIO calls and i am
> trying to avoid STDIO calls.
>
> I am stuck here and i need yr help to proceed further.
>
> Any help is appreicated.
Just add them to the verification tree
> I'm trying to implement an eap-tls server using openssl and
> I've found only few examples about using memory BIOs to
> perform a TLS handshake.
> Can you give me some pointer to documentation about this or
> to some examples?
>
> The code that I'm using is very simple:
>
>
> <...>
>
> Hi folks,
>
> I am new to openssl and I am trying to use a Thawte key with Mutt
> but I keep
> getting this error message:
>
> Verification failure
> 8458:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
> error:pk7_smime.c:222:Verify error:unable to get local issuer
certificate
>
>
> Thanx for replying. By live testing I mean, actual client connections
> that a server is supposed to accept. The client I developed is a very
> basic one and I have only tested it from localhost. I dont know if it
> will work from outside or not.
So you have no idea whether the client y
> I'm trying to write the public/private keys to a PEM file. I'm using the
book "Network Security > with OpenSSL" as a reference which says I need to
use PEM_write_DSA_PUBKEY, but I can't find
> this anywhere in the openssl source. I'm using 0.9.7d. I see
PEM_write_DSAPrivateKey, but
> nothing
> The most intriguing part is when I was writing this server, I
> developed a small client just to test connectivity. That client
> succeeds. However, when doing live testing not a single connection was
> accepted from outside. The test client was run on the same host. I
> obtained network traffic
> Has anybody tried compiling OpenSSL with NO_STDIO flag and
> successfully run without stdio library ? I don't want to use the
> stdio library since it does not recognize File descriptors >
> 256.. Hence i want to avoid stdio library and use the native OS calls.
I have never been able t
> Now coming to the first part of your comment. As I understand it, the
> manipulation of SSL connection
> needs mutex, but can the SSL_read(s) and SSL_write(s) be done from two
> threads independently?
It can be done from two threads, but it requires a mutex. Thus the two
threads are not
>My client and server has two threads each: a reader thread and a writer
thread.
>I have put the renegotiation code in the reader thread. It works for most
>of the time but occasionally the client gets an "Encrypted Alert" message
>( I suspect that this happens when the application data somehow ge
> Hi everybody,
>
> I hear about several methods for server's certificate creation.
> - one of them (through CA.pl) creates a root CA and then the server's
> certificate
> - an another one creates a root CA, then a server CA and finally the
> server's certificate.
> Why are there three stages? Is
Current recommendation is to put in the subjectAltName
extension.
Dave
> I'm trying (with no success) to detach SSL from a socket, and use it
> to crypt/decrypt using a mem BIO. Instead of using SSL_write, I want
> to write the encrypted data to a mem BIO (or just a buffer) and send
> it by myself (and do the reverse operation on receive). I will do this
> just after
> On Fri, 14 Jan 2005 21:10 pm, Eduardo Pérez wrote:
> > Do you know if it's possible to use SSL (or some other protocol) over
> > UDP running totally in user space.
> Not possible to use SSL. Some other protocol is potentially
> possible, but you
> haven't told us what you are trying to accompli
> Thanks, I had forgotten that the time that I am calculating it is not
> the time of the CPU and I was calculating the time of the data send
> with the time that is lost with other processes that the linux
> scheduler assign.
> Somebody how I can profile only the time spent by SSL_write and SSL_r
> Hello,
> I am trying to get the transfering time between a client and a server
> with different size of data because I want to know that ciphers are
> more efficient and after I can choose the cipher more efficient and
> secures, because I want build a library for to transfer data in mobile
> de
> > 2) Streams of entangled particles can generate shared
> > secrets where none
> > previously existed.
>
> No, not really, since the scheme described on page 80 of the Jan 2005
> Scientific American looks vulnerable to a man-in-the-middle attack.
In that case, it generates two share
> 3. QE and man in the middle
>
> NOW we are in a position to see how the combination of QE and
> key mixing can actually buy us something! Consider the plight
> of the man in the middle when both are being used. She cannot
> passively eavesdrop and record for further analysis because of
> the n
1301 - 1400 of 1807 matches
Mail list logo