}
ret = BIO_reset(bio_cert);
ret = BIO_free(bio_cert);
bio_cert = NULL;
return 0;
}
I think the problem is that you haven't freed the X509 structure
which was created when you read the certificate.
So your program needs something like
if (cert) {
this posting they would have have
my sincere gratitude - however useless
that might
be.
Cheers,
Nick
Fitzsimons
Hello
All,
Does anyone know where there is a definition of the format of the contents of
the index.txt file used with the ocsp and ca
commands
? (This file contains info on the revocation status of
certificates).
Thanks,
Nick
5Z 041009233205Z 02 unknown /CN=Rick/O=Rick
/L=Hamburg/C=DE
in the hope that ocsp would see the V for othe cert identified and
return a status of valid.
Thanks in advance if you can find the tiem to help.
Nick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
ith a status I choose, for any
certificate which I choose.
I notice however that if I set the Status column to be R(evoked) I get
a staus of unknown rather than
revoked.
Does anyone have any observations on this ?
Thanks to Ted fo his input on this query.
Nick
-Original Message-
eventually!) looks like
it gives more flexibility for negative testing than trying to persuade
a real server to
reply with the responses which my test cases require.
I am using version 0.9.8b, as you are.
Thanks for your input here.
Nick
-Original Message-
From: [EMAIL PROTECTE
I merged some certs which were in PEM format just by putting them
together in the editor.
The openssl ocsp command has a param -CAfile where fname needs
the entire cert chain
back to the root. I did it in Notepad and it worked fine.
I haven't tried it with .DER format.
-Original Message
That part I can't help you with. Sorry.
However I did just merge them as you describe.
Good luck.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marten Lehmann
Sent: Thursday, August 10, 2006 3:31 PM
To: openssl-users@openssl.org
Subject: Re: merging c
chain back to the root in it - by
which I mean the certificates
for all links in the chain in PEM format concatenated. Supplying this
extra parameter worked for me.
Good luck.
Nick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent
in your chain - in PEM format - into a file (chain.pem or similar) and
supply this file as the parameter
to your -Cafile options.
Hope this helps.
Nick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon McMahon
Sent: Thursday, August 31, 2006 4
for a CRL file.
Is there some sort of magic hash based naming that needs to be done for
the CRL files so they can be identified and checked against?
Thanks
Nick
__
OpenSSL Project http://www.openss
509(). Sometime later, I need
to convert the DER buffer back into an X509 structure using d2i_X509()
and that's when the wheels come off the wagon.
I've attached a code snippet that shows the problem. Can anyone help me
out?
Thanks,
Nick
all:example.c
gcc -o example -
I have a security requirement that all files in a users directory have
permissions no greater than 0750. When ~/.ssh/known_hosts is created it
is given 0644. Is there a reason for this? I can see why other would
"need" access to this file at all.
Nix
__
uld be the "simplest" solution.
Regards,
Nick Grynkewich
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@open
Dr. Stephen Henson wrote:
On Tue, Jun 21, 2005, Nick G. wrote:
Hello,
I have a need to read an encrypted RSA Private Key generated using
openssl with a java program. I have included some background at the end
of this message, but my question is basically: how is the pass phrase
converted
==< cut >===
If anyone can explain this (and tell me how to fix it) I'd greatly
appreciate it.
Also, is there no Samba-style "[EMAIL PROTECTED]" email address for
reporting these things ?
Thanks,
> Nick Boyce
> [ Information Security Manager ]
&
On 23rd.April at 17:10, Ulf Möller wrote :
> Nick Boyce reported :
>
> >> I am trying to build OpenSSL (to be followed by mod_ssl and Apache) on
> an
> >> Ultrix 4.4 system, for the first time. I have followed the installation
> >> instructions as far as I c
at I'm using) or
> Rainbow accelerators
and now I'm lost again. Surely the certificate only needs to be loaded (and
therefore the passphrase needs to be entered) *once* after Apache startup ?
Are you saying it has to be loaded every time the server gets a hit from a
browser !!???!?!
> Nic
be more specific in the future, right now I am wondering if similar
problems have been encountered anf if there is a known fix. If not, then
we'll turn on the debugging juice and see if we can't get it resolved.
Tha
I used a cert with *.commercestore.com. This worked for me. You then need
to make a virtualhost for both ports 443 and 80 for each domain. The setup
varies between ben_ssl and mod_ssl, and there may be a few other
variations. Check the docs that came with your "ssl" add-on.
Nick
A
I have some code that does a sort of read buffering scheme. I need to be
able to tell if
n characters are available to read, and if so to read them. I tried to
use SSL_pending()
to do this, but found that upon entering for the first time,
SSL_pending() _always_
returned 0. I am also not convinced
quire directive doesn't actually do anything
at all. But I must be missing something ... :-(
I''ve never done any of this, so I can't advise you on the use of
mod_rewrite.
And I too would be really grateful if Someone Who Understands could explain
the use of SSLRequire.
Cheer
I am fixing my pine+ssl hack to seed the PRNG. My development
platform is FreeBSD, so I never noticed a problem, since it
has a /dev/random.
I plan on doing something like a 'ls /' and sending that into the
PRNG along with the time, pid, ppid, uid and any other metrics
I can get my hands on, but
vious issues with D/Unix 4.0x in the archive which resulted
in advice to avoid the assembler routines on this platform; is that still
the right advice ? If so, do I achieve this using "./config no-asm" ? ]
Thanks
> Nick
> Systems Team, EDS Healthcare, Bristol, UK
>
_
got the same error as you :
Badly formed hex number: -std1
ld: Usage: ld [options] file [...]
while compiling the "openssl" commandline module.
See my next post to this list for further comment.
Nick
Systems Team, EDS Healthcare, Bristol, UK
_
modules as the distro
does, but omitting most of the commandline switches including "-fPIC" *and*
"-stdl". I guess that will avoid any complaining about either of those
options, but what is the effect on the compilation of omitting the other
s
?
(Is this the wrong list to ask that question on ?)
I suppose maybe it's just MOD_SSL that can't be shared.
Cheers,
Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK
__
OpenSSL Project
ng ahead on building OpenSSL/Apache/Mod_SSL *with* DSO Apache
modules, but without any special build params for OpenSSL. I'll report back
if anything noteworthy happens.
(Oh, and I'll report that -fPIC isn't needed to the Mod_SSL list - later -
I'm not subscribed at the moment)
dmail and any other such Unix-originated open
software as may be wonderfully useful.
> Nick
> Systems Team, EDS Healthcare, Bristol, UK
__
OpenSSL Project http://www.openssl.org
User Support Mai
from the following location (FTP is currently beeing set up):
o http://www.opensa.de/source/
Yours,
The OpenSA Project Team
Martin Horwath * Christian Meis * David Norris * Daniel Reichenbach
< cut >=====
Hope this helps.
[following up my own posting]
Nick Boyce wrote :
> Shum asked :
>
>> Can anybody tell does OPPENSA web site has been closed ?
>> I cannot find it!
>
> Assuming you mean the website hosting the project to
> make Win32 versions of Apache, OpenSSL and other usef
One thing that hits smime in a way that it doesn't hit openssl's other
uses (SSL net services) is that you may want to verify an smime message
long after the SSL cert has expired. IMHO it is not, strictly speaking,
the same thing to say that a cert is expired and can't be used to generate
_new_ me
the Message Hash attribute.
Is there something that should be done to set up the object identifiers?
Can anyone help?
Thanks
Nick
__
OpenSSL Project http://www.openssl.org
User Support Mailing
Thanks for the quick response: However, I've tried adding this and still get
the same problem.
Nick
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Sylvester
> Sent: 15 September 2000 12:02
> To: [EMAIL PROTECTED]
> Su
but if not
what do I have to do to make sure that the handshaking occurs?
I'd appreciate any information you can send my way: answers, code, FAQ's,
etc. that you can refer me to.
Thanks,
Nick Woods
when Verisign purchased
them :-<). Does anyone have specific URL's about this?
Nick
*** REPLY SEPARATOR ***
On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote:
>is the following possible?? if so, could you explain me how or point me
>documentation about
ans the problem
lies with the key ? I take a hardcoded 8 byte key and use des_string_to_key
and then create a des_key_sched prior to doing the encryption.
Does anyone have any suggestions or any experience of using perl / openssl
together just for DES as opposed to complete SSL communication ?
than
of moral and patriotic feeling which thinks that nothing is
worth war is much worse. A man who has nothing for which he is willing to
fight, nothing he cares about more than his own personal safety, is a
miserable creature who has no chance of being free, unless made so by the
exertions of bet
The point is that th
At 10:28 AM 2002-04-25 +0200, Richard Levitte - VMS Whacker wrote:
>In message <[EMAIL PROTECTED]> on Wed, 24 Apr
>2002 18:45:33 -0400, Nick Simicich <[EMAIL PROTECTED]> said:
>
>njs> It looks like the Received headers are filtered at the opens
here any
known issues or can anyone shed some light onto the subject for me?
Thanks in advance,
Nick
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
ber of the BBB On-Line Reliability Program
- Member of the Web Host Guild & VeriHost
-Original Message-
From: Nick Gaugler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 5:53 PM
To: [EMAIL PROTECTED]
Subject: Basic OpenSSL Client w/Pthreads
I've come up with the followin
ways of
making them the same ?
Many thanks
Nick Farrow
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
REMOVE
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
slight
modifications.
There are one more swith NO_OBJECT, but I am not of it's impact on SSL/TLS
functionality. Can anyone clear this?
And of course I am disable unused cyphers and hashes. For now I am define
NO_RC5, NO_BF, NO_CAST, NO_RIPEMD
!\n");
Regards,
Nick Marcantonio
[EMAIL PROTECTED]
Venturcom, Inc
-Original Message-
From: marcus.carey [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 6:06 PM
To: [EMAIL PROTECTED]
Subject: Re: question about SSL libs
SSL_library_init() registers the available
On Tue, 2003-02-25 at 12:32, Dr. Stephen Henson wrote:
> On Tue, Feb 25, 2003, Nick Gray wrote:
>
> > On Tue, 2003-02-25 at 11:00, Dr. Stephen Henson wrote:
> >
> > You cant call ./Ca.pl -sign a second time. I "knows" about the
> > certificate that was pre
Prior to version 0.96 I didn't have a problem with OpenSSL at all. Today
I built a new system and tried to use it with the following results.
root:/usr/local/openssl# cd misc
root:/usr/local/openssl/misc# ls
CA.pl CA.sh c_hash c_info c_issuer c_name der_chop
root:/usr/local/openssl/misc# ./C
Dr Henson,
> Try deleting the demoCA tree and doing CA.pl -newca again.
>
That isn't it. I tried that first. I am assuming the demoCA that it
looks for is in the current working directory.
> Also check openssl.cnf is somewhere usable or OPENSSL_CONF points to it or the
> req command will give
On Sat, 2003-08-23 at 15:25, Dr. Stephen Henson wrote:
> On Sat, Aug 23, 2003, Nick Gray wrote:
>
> > Dr Henson,
> >
> >
> > > Try deleting the demoCA tree and doing CA.pl -newca again.
> > >
> >
> > That isn't it. I tried that firs
An excellent idea Ger, I will try it now, thanks for replying.
Nick
On 11 Feb 2009, at 14:04, Ger Hobbelt wrote:
Since from the looks of it your feeding enc an entire disc image, the
first question of course is: have you tried your process with a
smaller file, say a snippet of about 1K of
ion.
Anyone a bright idea ? What am I doing wrong ?
many greetings,
nick.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automate
be very welcome,
kind regards,
nick.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Hi all,
can anyone pass me some url's to servers running openssl-0.9.5a, as I
suspect that IE5.0 on Mac may be incompatible with this openssl
version and NOT with f.i. 0.9.3a.
Also does anybody know why https://www.modssl.org is running openssl-0.9.3a ??
kind regards,
Can
this person please contact me, I'm dying for some feedback here,
maybe something compiled but isn't quite acting as it should. Or
maybe there's a programmatic fix to allow the strange MacOS IE5.0
behaviour (=more or less tolerate the buggy behaviour).
anyway, man
>After living w/ this problem
>for months, I"m to the point where I'll try anything.
Me too.
nick.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
on 9/20/00 17:08, Bodo Moeller at [EMAIL PROTECTED]
wrote:
> On Wed, Sep 20, 2000 at 04:48:39PM +0800, Michael Lee wrote:
>
> [...]
>> I have encountered exactly the same "bad mac decode" error before, although
>> I am using VC++6 on Windows 98. My HTTPS client application attempts to
>> connec
> _client_method, presumably?
Whatever, get the same error when I experiment with an SSL server and
connect to it with IE f.i. (both SSL client connect to a secure server and
SSL server contacted by IE broswser fail on this mac thing).
anyway tnx. for the help,
kind regards,
n
issue it would be
much appreciated!
Regards,
Nick
Dr. Nick van der Merwe
Director: Technology & Business Development
Ideco Technologies (Pty) Ltd
Tel: 011 463 1902
Fax: 086 529 0641 / 011 745 5615
Mobile: 083 709 8230
E-mail: <mailto:[EMAIL PROTECTED]&
Good Day,
My name is Nick Jenkins. I am setting up an Apache + mod_ssl + OpenSSL
(AMO, heretofore) configuration for internal testing purposes here at GE.
In general, I think this solution is great, and that although it is a shame
that SSL was necessarily 'chucked' from Apache due
59 matches
Mail list logo
