On Thu, Nov 15, 2012 at 09:52:49AM -0500, Sanford Staab(Gmail) wrote:
In the case of openssl, a big gain would be to simply document the command
line interface better and create a doc centric forum for people to add their
lessons learned filed around the particular feature area of openssl.
I beg to differ and this is one reason I am not very active.
Several years ago I contributed a function to determine endianess. I had done
it years and years before so it was quite simple for me. I took the time to
put documentation in the function. Also I am a professional consulting
I would want to double check this. The APACHE docs found here state the
following:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
How do I get SSL compression working?
Although SSL compression negotiation was defined in the specification of SSLv2
and TLS, it took until May 2004 for RFC
I wom't do windows When I get paid back then I might. I have three (3)
unopened copies of NT 4.0 and I take it personally since it personally came
from my bank account. Besides which you should not be soliciting in this
channel.
On Tue, Dec 06, 2011 at 05:06:52PM -0800,
I know you are trying to help. But it doesn't help me to defer to a package
manager because I'm trying to fix what the last package managers screwed up.
On Thu, Aug 25, 2011 at 04:09:44AM -0500, Michael S. Zick wrote:
On Wed August 24 2011, t...@terralogic.net wrote:
Top posting to a
TDWaterhouse In Canada. I'm in Calgary. THose idjots tell me to reboot my
computer when their Apache servers in TO send me a misconfiguration message. I
told them yesterday we build it and you break it. Something is desperatly
wrong.
On Thu, Aug 25, 2011 at 02:10:11PM -0400, Crypto Sal
I already know its my certificate store. I only asked how to load in their
noew root cert
On Thu, Aug 25, 2011 at 01:09:20PM -0700, Craig White wrote:
Go to an entirely different computer and try accessing - you will know if
it's your computer or their certificates.
If it's your
Sorry
http://www.tdwaterhouse.ca/
Its my old cert chain which is broken. I jsut want to go to them and ask them
to supply the root cert so I can install it and get rid of the error message
which Firefox generates because I can't find the root cert.
On Thu, Aug 25, 2011 at 04:44:07PM -0400,
I know the theory. I'm also a programmer. I just never bothered to install a
root cert before. But I do know how to make them.
I'll dig around in FireFox and see where it is and how its done.
As for the bank. We build it and they break it. Not my fault.
On Thu, Aug 25, 2011 at
Good idea.
Ya. I know. But what percentage of the computers the bank deals with are
filled with malware?
On Thu, Aug 25, 2011 at 04:06:02PM -0500, Michael S. Zick wrote:
On Thu August 25 2011, t...@terralogic.net wrote:
Sorry
http://www.tdwaterhouse.ca/
Its my old cert chain
Web broker.
Also they seem to have broken their web site in other ways.
I just hate it when they figure they should reprogram my browser so I can't
right click on a link and open in a new window. I do run multiple monitors and
its nice to put a press release on one monitor and another press
Very good!
I can write a little code to do that!
Thanx
On Thu, Aug 25, 2011 at 05:24:14PM -0400, Crypto Sal wrote:
You typically import certs through the Firefox certificate manager found
via Edit - Preferences - Adv. - Encryption - View Certificates. It
should be self explanatory from
I see my bank has an invalid cert. Likely I have an old cert chain. I'm
running Debian Linux and firefox.
Can anyone tell me where to install a valid root cert? Like what directory? I
would think the bank should be able to provide the root of the chain. I'll
need to know SPECICALLY what
I have suggested this before. Write your own memtools.
http://www.terralogic.net/developer/developer.html
I tossed up a couple poor boy examples.
Note the calls:
struct pfa_ControlBlock chain1 = { ipfa_ControlBlock }
, chain2 = { ipfa_ControlBlock };
pfa_Init( chain1,
Bob,
Just a little more explanation here. Suppose we have a bunch of structures
allocted into the pages of memory and a connection goes sour and is timing out.
Suppose our server is under substantial memory pressure. In a situation like
this if _any_ structure on any active connection
I've not looked at the OpenSSL code for a few years now. Last time I looked
the only way to do things was via a BIO and the BIO functions did the crypto.
This is totally inappropriate for many server designs.
I would like to ask if the crypto/bio functions have been factored apart so
they
Thank you very much!
I never realised there was even an html attachment! I use mutt and never
looked for it. Of course I know why I use mutt and this is one of the reasons
why.
Since I never looked at the html I never saw the bogus address. How cute eh!
These financial instutions have a
Right. With server auth you elimate the weakenss I was thinking about a few
years back. As was pointed out I didn't check for html.
On Wed, Oct 03, 2007 at 03:55:21PM -0700, Michael Sierchio wrote:
[EMAIL PROTECTED] wrote:
I'd like to ask the group about a possible man in the middle
Go with OpenSSL
On Thu, Apr 27, 2006 at 03:39:47AM -0700, Wakatou (sent by Nabble.com) wrote:
Hello,
My commercial company needs to secure its databases and file transmissions.
We need to reassure the client that our site and his datas are secured on
our application. Therefore, we need to
Why don't you spin through the file in the two machines and determine if they
are (1) the eact same length and (2) if their contents match.
While I have not been doing openssl programming for a while I am a programmer
and that would the 1st thing I'd check. You should look for byte ordering as
I'll toss in my 2 cents and perhaps say something either stupid or obvious.
That is that if you have a number of say 1024 bits then you can compute the
cube root in 1024/3 operations where each operation in z^3. I do not know why
you need the number and I do not know if this is an acceptable
It depends what you mean by small. A good idea would be to see of a 200 mHz P1
will do the job.
Next - if you can forward your results to me I'd be very interested.
Depending what you are serving a power power processor like this should be able
to keep a T1 full. But this will depend on the
Usually I lurk but I can offer some suggestions.
1) it will depend on the hosting company
2) certs are the same. The issue is that windows knows about certs from
companies like verisign and does know know about anything you generate yourself
- however technically they are the same.
3)
I would be interested in looking at what you did. I and others in the past have run
into issues with the way OpenSSL does server side I/O. Perhaps this will be part of a
solution.
Please advise how I can get the code. [EMAIL PROTECTED]
Thanx
On Thu, Jan 09, 2003 at 02:07:03PM -0500,
check ldconfig
On Mon, Jun 24, 2002 at 01:10:08PM -0700, Hendrick Chan wrote:
Michael,
You missed the libexec that mentioned in the example of httpd.conf:
LoadModule foo_module libexec/mod_foo.so
Michael Piskol wrote:
Hello,
I'm currently working on installing OpenSSL 0.9.6
I sort of agree with the sentiments expressed by Shalendra Chhabra. The value added
by M$ or verisign is questionable. I would rather I could pop over to my local bank
and get a cert. They know me and I trust them. I do not trust Verisign.
I have said this before in this group and I will
You can do it on a linux box and the only drawback that I can think of is that people
will simply need to accept your certificate. If you check out equifax I think you
will find that they also are a CA and you may want to check around for alternatives to
Verisign.
On Mon, Feb 04, 2002 at
On Tue, Oct 23, 2001 at 04:37:53AM -0600, [EMAIL PROTECTED] wrote:
I did include a note and its gone so I'll resend it. I figured out what happened. I
use Mutt so these viruses won't affect me... and as I was including the attachment I
got the wrong file... so I postponed the message and got
www.gnu.org documents valloc as follows:
Function: void * valloc (size_t size)
Using valloc is like using memalign and passing the page size as the value of the
second argument. It is implemented like
this:
void *
valloc (size_t size)
{
return memalign
Maybe this will work - setting the reply to back to the originator.
Those boobs were bouncing mail to the "repy to" instead of return path - then they
blame everyone but themselves. At least if we set the reply to back to the originator
their mail server could have flooded itself - haha.
DUe to a malformed lib.so it didn't work. in apache_1.3.14+openssl_1.42 it appears
the apxs script gets broken.
I have it running now.
I also have a sample script from a friend who helped me and I'll start going thru ot
tomorrow.
... still don't know why apxs broke. I'll look into that
There seem to be a problem with ./config shared in openssl-0.9.6 that occurs
completely independantly of apache. Os=RH6.1
The problem I am running into seems to be an apache-ssl problem so I ask the pure
openssl people to ignore that part of the email.
This is weird. I _had_ it all working
This has me stumped. Do libraries cache or something? I went through this at least
10 times and used a bash script to do it all - same session even - and suddenly it is
runnning. I was damn careful to try to reporoduce EXACTLY what I did before.
Perhaps there is somthing in the make install
First off - I am new to this and I'm learning. I do not claim to know very much about
it and asked the question in openssl-dev because it seemed to me that if the DNS is
highjacked that the transaction can be masqueraded.
I did a test with Netscape 4.07. This browser is not terribly old.
I
Micheal, thankyou. I did find it under "more info". This sure is not obvious mind
you... thanx for the clarification.
On Sun, Feb 04, 2001 at 06:08:20PM +0100, Michael Strder wrote:
[EMAIL PROTECTED] wrote:
I created a cert with the host name known as www.evilempire.com
and netscape
I'm having a problem getting apache and openssl 0.9.6 running. I'm getting the
following message.
[Sat Feb 3 18:40:27 2001] [notice] Apache/1.3.14 Ben-SSL/1.42 (Unix) configured --
resuming normal operations
[Sat Feb 3 18:40:27 2001] [info] Server built: Feb 3 2001 18:40:04
[Sat Feb
OK - I think I found it.
For anyone trying to configure this there are aome pointers.
1) The httpsd.conf file found in the apache directory, typically in
/usr/local/apache_1.3.14/conf is not used. The server instead looks for
httpd.conf. You can grab the one Ben Laurie created and mofify
Yes - send them a bill. I think there were about 200 messages and they impacted over
100 people so that is about 20,000 messages. Management will not even HEAR about it
unless you call accounts payable. SO call accounts payable and ask for the billing
address... they you can be sure that
IMHO you should tell your 3rd party to use SSH and you need to do a little "educating"
in your organisation.
On Wed, Nov 08, 2000 at 02:56:05PM +, Ian Diddams wrote:
I've been tasked into investigating a link a 3rd party may be making to our
servers shortly over SSL.
I've downloaded
IMHO this is quite relevant. If you don't want people to comment on the
spam then how about you show leadership here.
There probably is a way - perhaps a direct tap into orbs - BUT that would
affect us more than them. See - if they ISP the emails are originating
from is in say ORBS then all
From:
"raffa aste" [EMAIL PROTECTED]
There has been more than a little spam running through this list. Is
there some way we can block the hosts?
I'm thinking a link to orbs may be in order - or perhaps contact the relay
admin and / or the ISP that these jerks connect to.
I realise this might
You don't play poker do you. There is not way that RSA has any claim to
openSSL at all and outside of the US they have no claim to patent
protection either. Of course, if you were a salesman sitting behind an
RSA desk and you had someone dumb enough to ask - what do you think the
response will
ok - I just read part of the paper. I'm not a cryptographer but I am a
mathemetician and here are some trivial conclusions.
the algorithm is looking for a number: N where N=p*q for two primes p and
q of relatively the same size.
If you look at the _original_ equations developed by
OpenSSL so far is patent free and probably will remain generally so unless
some hotshot chooses to try to patent something which has already been
done - but they don't know about. This has happened - I have examples.
RSA's stuff is patented in the US only and it expires as you say in Sept.
Thus
You missed my point. Read on...
b) Certificates authenticate that the person is who they say they
are.
Trust goes to trusting that second statement, not the trustworthiness
of the company behind the statement.
People in general presume that when they see the little key that
I looked closely into purchasing a cert from Thawte and it is still
something WE'll have to do. What strikes me though is that it seems to me
that there is no real value in such a thing.
I can for instance incorporate a company and shell out about $200 and get
my cert. After that everyone
46 matches
Mail list logo
