On September 9, 2021 4:34 PM, Steffen Nurpmeso wrote:
>Randall S. Becker wrote in
> <014c01d7a5b7$a0a7d1f0$e1f775d0$@nexbridge.com>:
> ...
>
>You are right in everything that you say.
>
> |Strictly speaking, the signature on a tag is considered immutable and \
On September 9, 2021 3:26 PM, Steffen Nurpmeso wrote:
>To: Randall S. Becker
>Cc: 'Benjamin Kaduk' ; openssl-users@openssl.org
>Subject: Re: Congratulations! Missing 3.0.0 tag?
>
>Randall S. Becker wrote in
> <012201d7a590$56df08d0$049d1a70$@nexbridge.com>
a031e022211684eb7eb41190cf1910f9fa
type commit
tag openssl-3.0.0
tagger Richard Levitte 1631015200 +0200
OpenSSL 3.0.0 release tag
gpg: Signature made Tue Sep 7 07:46:40 2021 EDT
gpg:using DSA key A7AF9E78F709453B
gpg: Can't check signature: public key not found
Although I do not have Richard's public key on the system where I ran the
command and GitHub is not showing the verification status
of the tag.
-Randall
branch to point
there. Do not use the openssl-3.0 branch for building 3.0.0 – it already points
to a new commit in the preparation for the subsequent release.
Randall S. Becker, ITUGLIB Process Designer, Repository Manager, Occasional
Porting Dude
+1.416.984.9826
From: openssl-users On
:
. Unthreaded 32-bit
. POSIX User Thread Model (PUT) 32-bit
. Standard POSIX Thread (SPT) Model 32-bit
. IEEE Float Unthreaded 32-bit build for x86
Please consult the OpenSSL Security Advisory for 1.1.1l for more details on
this release.
--
Randall S. Becker
ITUGLIB Process
return -1;
> }
> // Establish connect...
> SSL *ssl = SSL_new(ctx);
> if (SSL_set_fd(ssl, client) == 0) {
> ERR_print_errors_fp(stderr);
> return -1;
> }
> printf("* Negotiating SSL connection...\n");
>
> if (SSL_co
urn -1;
}
printf("* Connected!\n");
char buffer[128];
memset(buffer, 0, 128);
SSL_read((SSL*)ssl, buffer, 128);
printf("Received: \"%s\"\n", buffer);
SSL_shutdown((SSL*)ssl);
SSL_free((SSL*)ssl);
close(client);
printf("Complete.\n&qu
tomated List Manager [EMAIL PROTECTED]
--
Randall Hand
Visualization Scientist
ERDC MSRC-ITL
stands now, however, it seems I have to have the Key,
Certificate, and Password on Both Ends. Is this right?
--
Randall Hand
Visualization Scientist
ERDC MSRC-ITL
I notice it's optional.
> Is it only for the CA to verify the request?
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
__
What is the purpose of the CSR challenge password. I notice it's optional.
Is it only for the CA to verify the request?
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systam
em because I don't have any problems
connecting to apache based https servers with Mac IE.
HELP!
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
___
ds
aren't sent.
I just built ipop3d with ssl and was testing it.
Is this the best way to do secure auth?
> -lee
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Man
I've got separate key, cert files for apache. Do I need to embed the key and
passphrase in the server to work with ipop3d?
> Randall Perry wrote:
>> Can a web server cert be used for secure pop, imap servers?
>
> Probably. The server doesn't care. It's what the c
Can a web server cert be used for secure pop, imap servers?
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
__
OpenSSL Project
rsions and
copied to /usr/lib. But, as I said above, it doesn't like 'em.
Could it be some app compiled with the older version that chokes on the new
libs?
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting
* [openssl] Error 1
make: *** [sub_all] Error 1
> In message <[EMAIL PROTECTED]> on Mon, 25 Nov 2002 17:44:14
> -0500, Randall Perry <[EMAIL PROTECTED]> said:
>
> rgp> >From the PROBLEMS file, the 1st suggestion:
> rgp>
> rgp> > The workaround may be t
number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
I read your documentation regarding
this error, but could not find any work arounds?
I hope this helps, thanks in advance
for any assistance.
Regards,
Randall Ward
> 'u's meaning is left up to the callback. It could be a prompt phrase a
> window handle or ignored. It was added because there was a
> need to send
> info to the callback.
I do nothing with u yet... I'm just hard-coding the passphrase till I can
get something to work.
> There is an additional
to. If the operation
> fails return 0.
>
> strcpy( buf, password );
> return strlen( buf );
>
> I think size is the length of buf if you want to make overflow checks.
>
> > -Original Message-
> > From: Randall Ward [mailto:[EMAIL PROTECTED]]
> >
I know know lots and lots about client authentication and certificates.
Thanks everyone for your help!
Now: there's one big thing that I don't understand. If I am going to be
building an https client that will authenticate itself with a certificate of
some kind, does that client need to have acce
I've been building a small https client & everything has gone quite well.
Now I've been told that I need to include support for client authentication
using a standard x.509 certificate & I am stumped.
Is the certificate just going to be a file? Do I just have to set a path to
it, or is there some
enerated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always
Thank you for
23 matches
Mail list logo