> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartTrust.com
___
doing outside of OpenSSL);
> but if there are standard values I want to use those.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PRO
t; buffer = malloc(len);
pcBuffer = buffer;
> len = i2d_X509(x, &buffer);
> ...
> The result in buffer is not correct.
The result pointed to by pcBuffer is correct.
> Is anything wrong with the process?
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH
m had choosen a soltuion that
permits the transition from SSLeay to OpenSSL while adhering to
the original license conditions.
Hopefully this explains, why it is impossible to provide a GPLed
OpenSSL.
best regards
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH F
http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAI
[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 ErfurtWWW.SmartRing.
if you adopt a strategy of 2 years
CA cert validity, 1 year active usage and overlapping validity.
> The whole hash thing is IMHO a bit of a hack anyway, it relies on
> symbolic links which wont work under e.g. Windows and it can only look
You don't need symbolic links, you c
rrect.
>
> Does the 'ca' package have renew function?
no.
> In addition, I can't sign certs with same dn but non-overlapped valid period (I use
>the -startdate option). Also, the ssleay.doc said index.txt has a status 'E' for
>expiry. How can I a
com.key >
>www.windreiter.com.csr
> Using configuration from /usr/local/openssl-0.9.4/openssl.cnf
> Unable to load config info
Your config file has not been found.
Try openssl req -config where_your_openssl.cnf_is -new -key
../private/www.windreiter.com.key > www.windreiter.com.csr
--
Hol
ryptography; Richard E Smith, 1997, Addison Wesley Longman
>Inc, ISBN: 0-201-92480-3
> (in addition to schneier AC of course).
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMA
ng ssl Thawte certs under freebsd/Apache
> using mod-ssl? I am having a problem getting two certs installed and am
> looking for someone to go in and get it done.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5
ve.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Rei
n means; can
> someone help me out?
> Thanks
> Greg
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automate
s underlaying
library!
> Also, where can i find detailed documentation about OpenSSL?
www.openssl.org, the mailing list archives and unfortunately
the source code...
> Thanks.
>
> Baris Sahin
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
--
Holger Reif
cert,server cert,client cert) only to
> take a look into the s_client and s_server?
No, s_client gives a warning about the CA cert not
accessible but you can connect after that w/o problems.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.
ee at http://auctions.yahoo.com
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager
Dr Stephen Henson schrieb:
>
> Holger Reif wrote:
> >
> > BUT: only one CSP signed by everybody and his dog can be
> > loaded at any given time since the replacement NSAKEY is
> > different for every provider.
>
> Eh?
>
> This need not be the case
Michal Trojnara schrieb:
>
> J._Andrés_Hall wrote:
> > Not really, because (in theory at least!) CryptoAPI CSPs
> > (Crypto Service Provider modules that implement the algos
> > offered by CryptoAPI) need to be digitally signed by Microsoft
> > in Redmond for your security and to keep the NSA fro
Marty Wise schrieb:
>
> I compiled Apache 1.3.9 / Openssl 0.9.4, rsaref2, mod_perl, etc.
[...]
> Any idea where to look for the cause?
In the archives of either mod_ssl or Apache-SSL users mailinglist?
In case of mod_ssl you can try to use the dbm implementation
delivered with mod_ssl itse
openssl rsa -inform DER -in file.der -out file.pem [-des|3des|...]
eric lannaud schrieb:
>
> Hi,
>
> How to convert a Private key in DER Format (binary file) to a PEM
> Format(ascii file)?
>
> Thank you for your help
> Eric
--
Holger Reif Tel.: +
friend as
well with "openssl base64 -e"
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 ErfurtWWW.SmartRing.de
_
are:
1.) Is it worth implementing a crypto provider based on
OpenSSL and ship it with a key replacement during install?
2.) Who would volonteer it?
Please restrict your answers to the topic. Especially
do not consider rambling about MS, NSA, crypto restrictions
and the like! Tha
gt; Belle Systems
> E-mail: [EMAIL PROTECTED]
> Tel.: +45 59 44 25 00
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [
y, do I have to
> face any import restrictions to the United States for my own programs
> because of including function calls to SSL libs?
No, you havn't. But, with a look at your suse background, you
should make shure your once imported code never gets reexported
again.
--
Holger Reif
ay req -x509 -key ../private/www.xxx.com.key -in www.xxx.com.csr >
>www.xxx.com.crt
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Au
appy about ;-)
But back to the original question. I think it's really
Bug and should be handled by BN_dup() internally.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfu
Kaur Virunurm schrieb:
>
> I agree with your philosophy, mr. Reif: the CA has certainly
> the authority to decide what to include in the cert, but:
>
> > Wether there should be a big flash "Hey, the user wants to
> > trick you into something!" is another question.
>
> That's it, but not only. R
sure that all goes the way *you* like. Why should you
care about the wishes of the users?
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt
Crispin Cowan schrieb:
>
> Holger Reif wrote:
>
> > The mailing list's opinion is right. If you want to confirm
> > yourself just check the cipher suite offerings in your navigator
> > and your MSIE.
>
> How do I do that? I checked all the cipher su
___
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif
__
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
Smart
what happens is that you read the command to send to
> the remote web server, send it, and then quit before
> the response can be read in.
What about (cat file; sleep 15)| openssl s_client -options?
This way stdin is not closd until 15 seconds have elapsed.
--
Holger Reif T
E (or why it can't be matched to your certificate).
>
> -Alan-
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Autom
Navigator yes, MSIE3 not at all, MSIE4 sometimes, the later the
version the more often.
I never tested opera.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif
either go to modssl-users@... oder
apache-ssl@...
(2) This *is* a FAQ for both packages. Please check the
FAQs that are online for both packages.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTEC
I want to check www.openssl.org/support/
I want to check www.openssl.org/support/
I want to check www.openssl.org/support/
...
Michael Slass schrieb:
>
> Where is the OpenSSL FAQ, or at least a searchable archive of this
> mailing list?
--
Holger Reif Tel.: +49 36
7;s own validity period ;-)
No, I'm not kidding, some reports have shown, this
is reality.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 ErfurtWWW.SmartRing.de
old about it?
> Does anyone have any idea how I might be able to get the thing to compile so
> I can then attempt to get mod_ssl running?
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMA
nSSL creates a randseed file
in which random state is saved and used if needed. In your
case after first seeding this file (with make test which
does key generation etc.) it is used again and again.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax
witch of req for the modulus.
The public exponent (which is most likely 2^16+1) you can
grab from the -text output. Not as convinient as you would
like, but it should work.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europapla
Dr Stephen Henson schrieb:
>
> Holger Reif wrote:
> >
> > Wouldn't it be a
> > good idea to include it as "openssl rsa -verify"?
> >
>
> Hmmm I was thinking of something analagous for some time but never got
> round to it. There should
Dmitry Morozovsky schrieb:
>
> On Tue, 29 Jun 1999, Holger Reif wrote:
>
> [skip]
>
> > BTW why do you think it's wrong to issue completely
> > new certs for your users that already have other
> > certs? Don't you have more than one oficial id
>
ank You,
> -Nop
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [
ficial id
document like passport, drivers licence etc.
If you want to rely on other's CA work you should
make some restrictions with SSLRequire directive.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz
s:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager
printf("%s\n", ERR_error_string(ERR_no, NULL));
return(-1);
}
if (BN_cmp(rsa->n, bn) == 0)
{
printf("Test passed\n");
}
else
{
printf("Test not passed\n");
}
return(0);
}
---snip-
> Hemant
>
> -Original
ctv.es/PGP-STAFF/carles.html
> Tel: +34 96 584 52 91 - Fax: +34 96 584 48 96
> ---
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager
List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL
nd alone applications that automatically start up like
webservers you must trust the file protection mechanism to
not give out the key to the wrong person...
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL
ct http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fa
_
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif
Erwann ABALEA schrieb:
>
> On Wed, 9 Jun 1999, Holger Reif wrote:
>
> > ÃÖ¿ë»ï schrieb:
> > >
> > > Basic assumption here is,
> > > 1. RSA Key size : 256
> >
> > Just remember, this counts for 32 byte...
> >
> > > 2. size of m
==
> Æò»ý ¾²´Â ¹«·á E-mail ÁÖ¼Ò ÇѸÞÀϳÝ
> http://www.hanmail.net
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List
relevant lines in apps/x509.c ;-)
Mario Fabiano schrieb:
>
> How can I convert a certificate obtained with openssl CA from PEM to
> PKCS#10 format?
> Thank you in advance for any help.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49
ct http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 747
in past) My
> program didn't make through link editting. The linker (AIX 4.2.1)
> complains the presence of an undefined symbol called
> .__umoddi3. The symbol is located inside the object "bnword.o" . Any
> idea what is missing in my link edit command.
--
Holger Reif
n the
> record protocol with null compression, MAC and and encryption algorithms, or
> does the record layer not come into play until the handshake is finished.
Record layer is below the whole stuff (menaing the
handshake protocol itsself uses the record layer as
well).
--
Holger Reif
___
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH
sage of the private key during key exchanges.
A typical smart card might be able to do 2 private key ops
per second. Even with the help of session caching this means
you can only serve with a reate of 2 clients per second. This
is not extremely much...
--
Holger Reif Tel.: +49 3
don'T ask me why the didn't use
their own CryptoAPI - perhaps because it didn'T cvered some
necessary "raw" crypto operations ;-)
I'm not sure wetejhr it is on the MS website, but I remember
having seen it once upon the time on the Thawte support site.
> Gracias,
&
e. That would require to detect some fingerprint
in the ClientHello msg of the browser. This is neither specified
somewhere nor by mistake "implemented" in some browsers ;-)
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europ
[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PR
__
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 3
65 matches
Mail list logo
