correctly in my stunnel code. And also, if i do the
nmake -f ms\ntdll.mak install, *.lib files in the out32dll.dbg folder do
not make it to the lib folder of my install directory. They are in there
for the precompiled binaries. Were those just copied in by hand?
On Fri, Nov 14, 2014 at 3:11
Hello,
I am noticing that when I install the OpenSSL bundle from
http://slproweb.com/products/Win32OpenSSL.html
The lib folder gets a lot of .lib files in it that are corresponding to the
engines such as capi.lib
How can I compile OpenSSL to generate those same lib files? Is it simply a
matter o
thRSAEncryption indicates that the certificate was hashed using
sha1, and the result was encrypted using RSA to generate the signature.
Md5WithRSAEncryption indicates it was hashed using md5, and signed with RSA.
Thus, the certificate you're looking at was hashed with SHA1, not MD5.
Dere
Hello,
I am acting as my own cert authority so the index.txt file is constantly
being updated as I generate new certs. However, I have noticed that things
like the DB_file field are never used in the CA program.
Is it safe for me to write some custom code that will take advantage of
that field?
Just to update - I found the section in one of the apps that copies the
extensions from the request. I was able to enable the EXT_COPY_ADD and was
able to get my SANS in the cert as well as the request.
On Wed, Apr 24, 2013 at 6:44 PM, Derek Cole wrote:
> Hello,
>
> I have some code w
Hello,
I have some code which I am using to generate a CSR and some code which I
am using to generate a cert using my cert authority.
If I view the CSR, I can see that my alt names were added correctly. If I
view the cert itself, the altnames are not there. I had kind of thought
that if I had a C
Hello all,
I am curious about how something should work relating to some self signed
certs I am trying to use. It has been a while since I was messing with
this.
I have a webserver setup for my internal webmail at https://examplemail.com.
however, that site redirects to https://mail.mycompany.com
, but wouldn't it be easier to just choose
> eNULL cipher when no encryption is needed ?
>
> Le 09/11/2012 06:08, Derek Cole a écrit :
>
> Hello,
>>
>> I have a server running that I am accepting both SSL and non SSL traffic.
>> Currently I check the traffic
Hello,
I have a server running that I am accepting both SSL and non SSL traffic.
Currently I check the traffic first and if the first part of the TCP data
looks like an SSL header, I send it off to an OpenSSL socket to be read. If
it's plaintext, I just read it right there on that socket.
Is it p
As I am thinking about this a little more - I guess that the SSL_new and
SSL_accept handles all of the SSL handshake negotiation as well, that would
have to be manually handled if you were trying to decrypt on the fly?
On Wed, Oct 31, 2012 at 2:23 PM, Derek Cole wrote:
> To be clear - I h
decrypting
the TCP payload "automatically" as the SSL socket does when you stand up a
SSL_CTX and use SSL_new with that context?
On Wed, Oct 31, 2012 at 2:06 PM, dreamwvr wrote:
> On 10/31/12 11:21 AM, Derek Cole wrote:
>
>> Hello,
>>
>> Is it possible to
Hello,
Is it possible to use libpcap to detect an incoming connection (writing all
packets those packets to a socket), then, if using libpcap i determine that
a SSL connection was established , stand up another socket to read the same
file descriptor with the SSL client so that I could use the pro
CA cert?
Thanks
On Fri, Oct 12, 2012 at 11:22 AM, Derek Cole wrote:
> So I think you were right. I used a command to view the CSR that I
> generated with the following:
>
> openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr
> -keyout /tmp/privkey.cs
Nevermind.
I didn't realize that I did have the call in there for my socket connect()
(which was in another part of the code for non-ssl connections...it is
needed for both). I had though SSL_connect took care of that too.
On Sun, Oct 14, 2012 at 5:35 PM, Derek Cole wrote:
> Hello,
Hello,
I am trying to use SSL_connect. I have bound a socket to my interface, set
up the context, and call SSL_connect(). This is returning a -1, which I
catch, and call SSL_get_error() to fall through a switch statement. It is
retuning a SSL_ERROR_WANT_WRITE
So I am trying to use pselect in a wh
nssl.org On Behalf Of Derek Cole
> >Sent: Friday, 12 October, 2012 11:22
>
> >So I think you were right. I used a command to view the CSR
> >that I generated with the following:
> >openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr
> >-keyou
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
> >Sent: Thursday, 11 October, 2012 19:03
>
> >i have a server that is running a custom app that can accept
> >a SSL connection. I generate a cert on each server, that is
> >signed by my own CA. I tested
Thanks to everyone for the information. I can't recall right now how I set
up the name - I was thinking for sure it was with the FQDN, but I'll double
check. I will do that reading and check tomorrow when I am back at work and
see if I can figure out what is going wrong there.
Thanks
On Thu, Oct
Hello,
I sort of posted about this earlier, but I think this is a more concise
question (as the previous replies were helpful for me to start debugging
the problem).
i have a server that is running a custom app that can accept a SSL
connection. I generate a cert on each server, that is signed by
no" for a
workaround until implementing something more stable.
-Derek
On Thu, Oct 11, 2012 at 6:34 PM, Charles Mills wrote:
> I hit this EXACT problem.
>
> ** **
>
> The **wrong* *ways to solve it are to keep deleting the database or
> deleting records from the database
Thank you for the reply. It is probably obvious that I am new to SSL
programming, and I am modifying some existing code. I will read over your
information and write back if I am still having issues.
Thanks
Derek
On Wed, Oct 10, 2012 at 4:30 AM, Dave Thompson wrote:
> >From: owner-open
Hello,
I am trying to write a server that will accept an incoming SSL connection.
In psuedo, I have the following chain of function calls
SSL_CTX_load_verify_locations(ctx, root_cert_file, root_cert_dir)
SSL_CTX_use_certificate_chain_file(chain file)
SSK_CTX_use_PrivateKey_file(ch
is Server
AL> Certificate)
AL> So, if you have an idea... ! Thanks,
AL> Alain
AL> nb: i attached snapshot about the certificate window.
AL> - Original Message -
AL> From: "Derek Chew En-Hock" <[EMAIL PROTECTED]>
AL> To: "Alain Lafleche" <[EMAI
;
AL> The results is than IIS doen'st work in secure mode.
AL> Thanks very much,
AL> Alain
AL> nb: i make test with another certificate and my IIS configuration works good in
secure ssl mode.
--
Best reg
indows machine and complete the
certificate request in IIS by importing the iis.cer file.
All done!
--
Best regards,
Derek Chew En-Hock mailto:[EMAIL PROTECTED]
__
OpenSSL Project
sure that the cert 'cn' matched the email address of the IMAP
account, and it just doesn't work. Several hours of Google searches and
Microsoft KnowledgeBase searches did not produce any information on this
subject.
Thanks,
Derek Simkowiak
dereks at
For those who don't already know this, there's a book on OpenSSL published
by O'Reilly.
Details:
Network Security with OpenSSL
Authors: John Viega, Matt Messier and Pravir Chandra
Publisher: O'Reilly
ISBN: 0-596-00270-X
Cheers,
Derek
--
____
appreciated.
Regards
Derek Jones
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL
[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
Derek Browne[EMAIL PROTECTED]
Director of R&D - Security Yo Inc.
__
OpenSSL Project
I'd like to set up my own timestamping server with OpenSSL.
Has anyone done this already and can give me some pointers or point me to a
good resource?
Thanks in advance,
Derek.
_
Get Your Private, Free E-mail fro
All,
I have a report in front of me commissioned by someone in my company to
review our CA/PKI system. Frankly I'm not too happy about it and would like
some bitingly worded and technically brilliant responses to support our use
of OpenSSL which I would like to continue.
The push of the repo
cure sites
using the same certificate _without being asked again for the certificate_.
Thanks in advance for any help.
Derek Charles.
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share informa
Has NOBODY got any idea why this would be happening? Same program,
same call-method, but when one program calls it, it autoloads the
die_if_ssl_error nonsense causing the "known problem", but if another
program calls with the exact same parameters it works fine.
Help!
D
>OK, I'll bite... und
OK, I'll bite... under what conditions will die_if_ssl_error be made
autoloadable?
I can call the get_https function with the SAME set of arguments from
the same perl package (I have my own "WebGet" package that I use
internally at work for fetching pages from HTTP or HTTPS servers).
Setting
Does anybody now how to make openSSL read
certificates and keys created =by IAIK?I think they might implement
different OIDs. OpenSSL cannot seem to recognize
my Iaik Private Key.
Please Help?
Derek DeMoroChief Technical
OfficerBallotDirect(650) 799-8490
Does anybody now how to make openSSL read
certificates and keys created by IAIK?
I think they might implement different
OIDs.
Please Help?
Derek DeMoroChief Technical
OfficerBallotDirect(650) 799-8490
Thank You very much. It worked. Why is it creating
a bad crt file?
Derek
- Original Message -
From: "Peter 'Luna' Runestig" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, June 08, 2000 11:53 AM
Subject: Re: S
Help. Please
Derek
Derek DeMoroChief Technical
OfficerBallotDirect(650) 799-8490
At 10:14 AM 10/7/99 +0100, Ben Laurie wrote:
> > IIRC, providing "hooks" to strong-crypto stuff is also considered the same
> > as providing strong-crypto itself, according to U.S. Idiocy^WLaw.
>
>Allegedly, it isn't illegal, but the spooks keep telling everyone it is.
>IANAL.
Dunno. Sendmail's n
Linux is the kernel which gives me the ability to use apache, but I
certainly wouldn't direct problems with apache to the linux-kernel mailing
list. Windows allows me to use Eudora, but I wouldn't call Microsoft with
questions about how Eudora works. (OK, fair enough, I wouldn't bother
trying
40 matches
Mail list logo