Thanks, Steve,
… for your hard work, and that of the other Team Members. This week's
'excitement' illustrates how important it us to all of us.
(would be great to find a way around those 'hefty PayPal fees.)
Lou Picciano
- Original Message -
From: "Steve Mar
There are also some excellent modules for Python designed for exactly this.
Very robust, well documented - core python functionality. httplib(2) comes to
mind first.
Lou Picciano
- Original Message -
From: "James Marshall"
To: openssl-users@openssl.org
Sent: Wednesday, Se
our environment)
Without getting back to my specific notes, believe there were a minor gotchas -
like the script won't accommodate any spaces in directory names(imagine that!)
- but it works great.
Lou Picciano
- Original Message -
From: redpath
To: openssl-users@openssl.org
Sent: W
Carlo,
Have tried your same test with no error - using OpenSSL 0.9.8x:
openssl s_client -connect imap.gmail.com:993
Lou Picciano
- Original Message -
From: "Carlo Wood"
To: openssl-users@openssl.org
Sent: Thursday, September 20, 2012 10:42:33 AM
Subject: Re:
with the Windows Certificate Store via the
capi engine - happen to have just been researching this. Seem dependent on
proper compile, and proper configuration of OpenSSL in order to enable the
engine, but it's in there.
Lou Picciano
ser prompt indicates it
expires in '365 days' - in fact, I've never seen it prompt with any number
larger than 365 days!
Not a huge problem, but...
Lou Picciano
- Original Message -
From: "Erwann Abalea"
To: openssl-users@openssl.org
Cc: "Jakob
OK, Jakob - will try this. Tks for the feedback. (Seems we'd tried the 'utf8'
option inline already, but will try again). and my 'read' of the -nameopt
multiline config was that utf8 would be included, in absence of its specific
de-activation, such as with the -utf
:
Subject:
organizationName = ESBJ\C3\96RN.com
organizationalUnitName = Esbj\C3\B6rn-Th\C3\B6rstrom Group
commonName = \C3\81ki Th\C3\B6rstrom
Thanks, Lou Picciano
- Original Message -
From: "Jakob Bohm"
To: openssl-users@openssl.org
Sent: Friday, December 16, 2011
as I understand it, using the utf8 option should allow any characters you might
want.
Let us know how you get on; I've had trouble with this, too...
Lou Picciano
- Original Message -
From: "gkout"
To: openssl-users@openssl.org
Sent: Tuesday, December 13, 2011 5:35
Can a certificate's expiration date be queried directly?
IE, apart from an expired cert being rejected out of hand, or from a CRL being
read to determine a cert's validitiy...?
I'm interested in reading the expiration from a loaded, currently-valid cert.
Thanks, Victor - Time I started digging into the source code! L
- Original Message -
From: "Victor Duchovni"
To: openssl-users@openssl.org
Sent: Thursday, April 7, 2011 12:59:55 PM
Subject: Re: Getting exp date from certificate?
On Thu, Apr 07, 2011 at 04:50:19PM
Friends, I must admit we've never had to do it before - Can we query the
expiration date directly from a certificate, perhaps by using the ASN structure
code? (Is there a map of the currently-vailable structure codes, as used by
OpenSSL?)
ostgresql.util.PSQLException: The connection attempt failed.”
Looks like it’s back to trolling other message lists! Thanks for your help,
guys.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Lou Picciano
Sent: Wednesday, March 30, 201
is that
you appear to be installing your 'user' cert (postgresql.crt) into the CAcerts
store. This would not make sense.
Lou Picciano
- Original Message -
From: "David Patricola"
To: "Tomas Gustavsson" , openssl-users@openssl.org
Sent: Wednesday
erver and client(s).
Did not see you at PG East last week?
Lou Picciano
- Original Message -
From: "David Patricola"
To: openssl-users@openssl.org
Sent: Tuesday, March 29, 2011 1:16:03 PM
Subject: Truststore or Cacerts file?
I have a postgres server running in SSL,
o the root store for that browser.
This, then, would allow SSL to verify the Server's cert against this
newly-installed CA cert. Thus, your chain is tested.
Lou Picciano
- Original Message -
From: "Matthias Meixner"
To: openssl-users@openssl.org
Sent: Thursday, Februa
nSSL list; not really the right place to get
the advice you seek? (Am happy to help nonetheless... !)
Let me know how you get on! (I will want to know the resolution of all this...)
Lou Picciano
---
Subject: RE: First time attempting PostgreSQL SSL
My server pg_hba.conf file a
time, is not
for the faint of heart, if you have never done it before. It's a bit bigger
than just setting the options in pg_hba.conf. Once you've verified SSL as a
baseline, then you're ready to move on to certificates!
Let me know! Lou Picciano
- Original Message -
hink you're not quite there yet.
To get yourself going, why not first set up a pg_hba.conf configuration using
hostssl, but skip the certificate usage for the moment... Probably a bit to
handle all at once; SSL plus the certificate authentication all in one go...
Lou Picciano
-
Hello Peter!
(You're covering a few things at the same time there...)
First off, there would normally be no problem at all running two discrete
instances of Apache on the same machine, given that they'll be on separate
ports. This is, of course, limited by constraints of the server's resour
Dear SSLers,
Can someone point us to a hard example of encoding fields within a cert in
UTF8? Specifically, we'd like to sign our CSRs with a UTF8-content 'subject'
line. Essentially, we're ttying to be sure we spell our users' names correctly!
We've already experimented with the UTF encodi
Yes, and as long as we're on the that's-the-least-of-your-lockin-worries
thread, you may want to be aware of this bit of news, just today: Significant
Ruling by The Library of Congress: In Ruling on iPhones, Apple Loses a Bit of
Its Grip
Lou
- Original Message -
From: "Todd Oberly
commands now, under OpenSSL v1.0.0, the '-infiles' switch
appears to be behaving exactly as documented.
Having said all this, I know there are those who feel that the ca command
should be avoided altogether; my notes here are only for academic/historical(?)
interest.
Lou Pic
We've run into an interesting - apparently new? - behavior of the openssl ca
command:
I believe we've used the following command in the past (pre 1.0.0). (Don't know
why we were still using the -infiles option with a single input file -
something vestigial, no doubt; Nonetheless, I think it's
Fellow OpenSSL-ers,
We're beginning to look at an apparent discrepancy in the way Google Chrome (OS
X) handles certificates.
Though Chrome seems to use the same OS X-standard keychain application used by
Safari, we are finding that Chrome reports the dreaded 'Handshake
Re-negotiation' er
Here's the link:
http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/
Obviously, I can't speak to any prospective implementation OpenSSL might come
up with, but one can only hope... ?
Lou Picciano
- Original Message -
From
Steve,
Tks for your work on this. The renegotiation error had been biting us lately as
well...
Lou
- Original Message -
From: "Dr. Stephen Henson"
To: openssl-users@openssl.org
Sent: Sunday, January 24, 2010 9:12:40 AM GMT -05:00 US/Canada Eastern
Subject: Re: Re-negotiation h
s don't understand the concept of "security veil", the TLS
implementations tend to provide a raw stream of bytes (akin to a
read()/write() pair) without the application necessarily being aware
of the change.
-Kyle H
On Thu, Jan 7, 2010 at 12:50 PM, Lou Picciano wrote:
> Anyone ha
Anyone have any ideas on this?
Have recently updated an otherwise working environment to include openSSL
v0.9.8l. Suddenly, mod_ssl is reporting:
Re-negotiation handshake failed: Not accepted by client!?
Other than a refresh of CRL, this configuration has been running AOK through
openSSL 0.
For what it's worth, just built 1.0.0b4, with no problem, using only ./config -
with no options passed.
This is on OS X 10.6.2, Intel.
We don't have a $PERL in our build environment - and why are you needing to
pass all those options re Kerberos?
Lou Picciano
- Origin
l SSL domain setup must reference
its own cert(s), how would this be accomplished if all your certs, for all
domains, were consolidated into one big file?
Lou Picciano
- Original Message -
From: "M C"
To: openssl-users@openssl.org
Sent: Saturday, November 14, 2009 12:56:09 P
e you
sent... See _only_ the key...
Lou Picciano
- Original Message -----
From: "Midori Green"
To: "Lou Picciano"
Sent: Friday, November 13, 2009 5:15:41 PM GMT -05:00 US/Canada Eastern
Subject: Re: PKCS12 import error into MacOSX keychain access
> Doing som
(I guess I don't see the 'Use Case')
Lou Picciano
- Original Message -
From: "Dr. Stephen Henson"
To: openssl-users@openssl.org
Sent: Friday, November 13, 2009 10:06:37 AM GMT -05:00 US/Canada Eastern
Subject: Re: PKCS12 import error into MacOSX keychain ac
at, not
key only...
How does your p12 file perform in the 'verify' command?
Please note that our key(s) is/are generated on UNIX, and are copied directly
over to Mac(s) via various filesharing mechanisms or SCP.
Lou Picciano
- Original Message -
From: "Midori Green"
this is produced on Solaris, and transferred without any further EOL or
EOF futzing; works without issue.
Please let us know how we can help. Always eager to help a fellow Mac user.
Lou Picciano
- Original Message -
From: "Midori Green"
To: openssl-users@openssl.org
Sent: Th
We were getting the no certificate returned error when signing the cert with
the notAfter field (this was in a PostgreSQL context, if it matters).
The -verify command reported:
error 14 at 0 depth lookup:format error in certificate's notAfter field
re-signing the cert with the -days x option
36 matches
Mail list logo