Thanks Dave for explanation.
One doubt regarding sentence " If a subjectAltName extension of type dNSName
is present, that MUST
be used as the identity(RFC 2818)"
What does this line mean?
Does it say if a certificate has a different CN in issuer & subject field
but SubAltname: x.x.x.x which m
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Wednesday, 18 January, 2012 02:52
> root@1143726:/usr/bin# openssl s_client -connect 10.204.4.69:7003
> WARNING: can't open config file: /usr/ssl/openssl.cnf
> CONNECTED(0003)
> depth=0 C = IN, ST = Karnataka, L = Bangalo
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Saturday, 03 December, 2011 02:56
> My TLS client can validate both CN and SN & i need to test both the
> scenario.
>
> I don't know how to create certificate with "subjectAltName
> extension" using openssl commands.
>
> In th
On 07/20/2011 12:45 PM, Gaglia wrote:
> ...
Feedbacks always appreciated, in case somebody has further investigated
the issue :)
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On 07/16/2011 07:13 PM, y...@inbox.lv wrote:
> ...
So everybody here seems to agree that steps 1)...7) I listed in the
first post are correct, and that the problem in EC management lies in
OpenVPN, right?
sha256 worked. (both for dgst and for req)
If i understand correctly, ECDSA algorithm only needs hash as a
defined length
bitstring, so adapting ripemd in place of sha1 should have been
easier than
sha256 (because ripemd has the same length as sha1, sha256 is
longer).
Quoting *Dr. Stephen
On Sat, Jul 16, 2011, y...@inbox.lv wrote:
>
> openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> Error setting context
> 5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid
> digest type:.c
> ryptoecec_pmeth.c:229
On 07/16/2011 06:50 AM, y...@inbox.lv wrote:
> openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> Error setting context
My premise is that we are considering only OpenSSL v 1.0.0. Under this
condition, as I wrote in the first post,
openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Error setting context
5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid
digest type:.c
ryptoecec_pmeth.c:229:
Also, in documentation on pkeyutl program is mentioned,
On Fri, Jul 15, 2011 at 5:36 PM, Kyle Hamilton wrote:
> On Fri, Jul 15, 2011 at 10:32 AM, Gaglia wrote:
>> On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
>>> ...
>>
>> Excuse me, I got lost somewhere... Does this mean that it is not
>> possible to use EC crypto with OpenSSL because the algorithms a
On 07/15/2011 05:36 PM, Kyle Hamilton wrote:
> ...
>
> EC is considered to be a patent minefield. Some people (RSA Data
> Security) say that it's possible to implement EC cryptography using
> different types of algorithms which are not covered by the patents.
> Other people (Bruce Schneier, US NSA)
On Fri, Jul 15, 2011 at 10:32 AM, Gaglia wrote:
> On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
>> ...
>
> Excuse me, I got lost somewhere... Does this mean that it is not
> possible to use EC crypto with OpenSSL because the algorithms are
> patented? If so, why OpenSSL does provide support to EC c
On Fri, Jul 15, 2011, y...@inbox.lv wrote:
>
> Version of ECDSA available in openssl 1.0.0d supports only SHA1.
> (maybe there are patches, which adds other hash functions, but
> default build on win32 supports only sha1).
What makes you think that? OpenSSL 0.9.8 only supports SHA1 with ECDSA
Version of ECDSA available in openssl 1.0.0d supports only SHA1.
(maybe there are patches, which adds other hash functions, but
default build on win32 supports only sha1).
ECDH and ECDSA are not guaranteed to use the same curve. At least
with s_server curve for ECDSA is specified in certifica
On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
> ...
Excuse me, I got lost somewhere... Does this mean that it is not
possible to use EC crypto with OpenSSL because the algorithms are
patented? If so, why OpenSSL does provide support to EC crypto?
Sorry, I don't want to start a religion war, but as
On Thu, Jul 14, 2011 at 3:35 PM, Jeffrey Walton wrote:
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton wrote:
Dismissed or withdrawn? It seems to me Certicom stopped biting a hand
that feeds it.
Jeff
Looking at the docket, it looks like they reached an agreement to dismiss
without prejudi
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton wrote:
> ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the
> Digital Signature Algorithm. DSA was developed by the US National Security
> Agency as a means of creating prime-factorization-based signatures without
> providin
ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the
Digital Signature Algorithm. DSA was developed by the US National Security
Agency as a means of creating prime-factorization-based signatures without
providing code paths which would permit the encryption of arbitrary
On 07/11/2011 05:27 AM, y...@inbox.lv wrote:
> When i searched on it, it seemed that ECDH requires specified named
> curve
You need to specify the curve's name, like this:
openssl ecparam -name sect571k1
but this should only be done in the parameters generation stage, the
generated cer
When i searched on it, it seemed that ECDH requires specified named
curve, and openVPN does not have a means of specifying it. Also, it
seems that ECDSA works only with SHA-1 (I also would like to know,
why it cannot take any 160 bit hash). I searched about it few weeks
ago and relevant messa
On 07/05/2011 03:23 PM, Gaglia wrote:
> I'm trying to make an OpenVPN setup with Elliptic Curves cryptography
> and SHA-512 on Linux Debian.
No idea anybody, really? :(
On Sun, Jul 03, 2011, Ritesh Rekhi wrote:
> Hi ,
>
> I need little help in implementing RFC 5746 on server, as per RFC it is not
> very clear on how to tell clients that Server doesn't support renegotiation.
>
> If anybody knows a way to tell clients that server doesn't support
> renegotiation
Hi Bizhan,
> The command BN_num_bytes(rsa_public_key->e) returns the size
> of the exponent part of the public key, and it is 3 bytes. "10001".
> Could this be a valid value?
Yes. Typical values are 3, 17, and 65535.
> We have a system that requires public key exponent to be 4 bytes,
> could I pa
At 01:20 PM 6/16/2008, Michael Sierchio wrote:
RC4 is owned (and trademarked) by RSA Security Inc, but they are no
longer enforcing the patent,
RC4 was never protected by patent, but by trade secret. When the
details of the algorithm were published, Ron Rivest himself suggested
calling the "a
RC4 is owned (and trademarked) by RSA Security Inc, but they are no
longer enforcing the patent,
RC4 was never protected by patent, but by trade secret. When the
details of the algorithm were published, Ron Rivest himself suggested
calling the "alleged RC4" "ARCFOUR". It is indeed a tradema
On 6/16/08, bagavathy raj <[EMAIL PROTECTED]> wrote:
> Hi,
> Is there any binary distribution where I can find SSL dlls without
> patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling
> without them. I could exclude other algos but not RC4. Some linking
> issues. So i need to know if th
Hi,
Is there any binary distribution where I can find SSL dlls without
patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling
without them. I could exclude other algos but not RC4. Some linking
issues. So i need to know if there is any ssl release without the
patented algorithms.
On 6/1
Hi,
Use the tool Dependency Walker (http://www.dependencywalker.com/) to look
at the exported functions of libeay32.dll. If it exports RC5, you will see
exported symbols starting with RC5. For MDC2, you'll find symbols starting
with MDC2 and etc...
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idri
Hi,
Tried the given function, it compiles but throws error "Run-Time Check
Failure #3 - The variable 'rsa' is being used without being defined.". Any
clue?? And the char * buf contains the key right??
Thanks & Regards
Shalmi
Marek Marcola wrote:
>
> Hello,
>> ok i l try that.let me know u
thank you, its working fine.
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> ok i l try that.let me know u ..
You may try something like that (not tested):
int rsa_read_pem(RSA ** rsa, char *buf, int len)
{
    BIO *mem;
    if ((mem = BIO_new_mem_buf(buf, len)) == NULL) {
        goto err;
Hello,
> ok i l try that.let me know u ..
You may try something like that (not tested):
int rsa_read_pem(RSA ** rsa, char *buf, int len)
{
    BIO *mem;
    if ((mem = BIO_new_mem_buf(buf, len)) == NULL) {
        goto err;
    }
    *rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, NULL, NULL);
ok i l try that.let me know u ..
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> i tried that way, now its generating coredump files.is there any other
> way to solve that issue...
You should use something like that (buf and len has your key):
unsigned char *p;
RSA *rsa = NULL;
p = b
i tried that way,buffer information is not DER format.
buffer header like this.
-BEGIN RSA PRIVATE KEY-
..
-END RSA PRIVATE KEY-
Is they anyother way to resolve that problem?
Marek Marcola <[EMAIL PROTECTE
Hello,
> i tried that way, now its generating coredump files.is there any other
> way to solve that issue...
You should use something like that (buf and len has your key):
unsigned char *p;
RSA *rsa = NULL;
p = buf;
if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL){
    goto err;
}
if (
i tried that way, now its generating coredump files.is there any other way to
solve that issue...
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
>
> I have a RSA key information on buffer.i want to merge with buffer
> content to SSLcontext object.
> i am using
> SSL_CTX_use_RSAPrivateKey_A
Hello,
>
> I have a RSA key information on buffer.i want to merge with buffer
> content to SSLcontext object.
> i am using
> SSL_CTX_use_RSAPrivateKey_ASN1(ctxr[i],keyinfo,strlen(keyinfo)) this
> SSL API.
> that API is failing . it gives following error message.
>
>
> 9755: error:0D0680A8:as
It is the OCSP responder cert. I suppose you already
have that, right? Or you can use this one which will
expire on Sep 15, 2005 though.
-BEGIN CERTIFICATE-
MIID2jCCA0OgAwIBAgIQaVnCDg78Yj+N1V5h9xQh0jANBgkqhkiG9w0BAQUFADCB
lDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE
CxM
Hi Paul,
Thats great. Thanks for your quick response.
What is tgv.pem file. how can we get that file.
Thanks in advance,
Varma
On 8/24/05, Paul Simon <[EMAIL PROTECTED]> wrote:
> Maybe your URL is wrong. I just tried this:
>
> openssl ocsp -issuer VeriSignClientECA.pem -url
> http://ocsp.veri
Maybe your URL is wrong. I just tried this:
openssl ocsp -issuer VeriSignClientECA.pem -url
http://ocsp.verisign.com -cert eca_usr_cert.pem
-VAfile tgv.pem -no_nonce -text
and it works fine as follows:
D:\prjs\ocsp\newEcaCA>openssl ocsp -issuer
VeriSignClientECA.pem -url http://ocs
p.verisign.co
Hi, Thanks a lot prakash for your reply. Actually my application works in this way:
1) I will get the x.509 certificate from any server (lets say) yahoo.com, now from that i will extract yahoo.com user certificate (may be issued by verisign or others), issuers root certificate.
2) Now i need to chec
Hi,
The -Vafile option is used for explicitly trusting the responder certificate of the ocsp server. So if you omit this option you will get the "unable to get local issuer certificate" error.
To get this command working
openssl ocsp -url http://ocsp.verisign.com:8080 -issuer ROOT_CA.pem -VAfile OCS
Hi,
Is the following command for requesting OCSP status using openSSL is correct?
1) "ocsp -url http://ocsp.openvalidation.org -issuer ROOT_CA.pem -VAfile OCSPServer.pem -cert User.pem".
If i change above command, BY REMOVING OCSPServer.pem file i am getting status as good but with a message
On Tue, Aug 16, 2005, varma d wrote:
>
> But, In this command what is the purpose of OCSPServer.pem, i still dont
> understand the purpose of OCSPServer.pem as we need to just send our request
> and expect a response from OCSP responder irrespective of OCSPServer.pemfile.
>
This is an issue o
Hi,
did you link against the openssl-libs (eg. crypto / ssl)? Did you use an (ANSI-)
c compiler or a c++ compiler?
Try
cc(?) prueba.c -I/usr/local/ssl/include -L/path/to/openssl/libs -lcrypto -lssl
Good luck,
Sebastian
Silvia Gisela Pavon Velasco wrote:
I have sent this before and got no answers
It's been a few years since I've worked on HP-UX and I don't have access
to a machine running that OS currently.
but here's what I remember. I hope it's accurate. I've plucked
a couple settings out of old Makefiles that I've saved - you'll have to
see where to add the settings in your
I will reply for you...but, I have never setup anything as you asking.
I'm sorry.
I'm sure somewhere there is a forum that can address this issue.
Maybe this is not that forum.
miles
-Original Message-
From: Silvia Gisela Pavon Velasco [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005
>From what I can see, SSL is defined as "typedef struct ssl_st SSL" in
ssl.h. If you search for "struct ssl_st" in ssl.h you will find the
definition for that structure.
Hope that helps!
On Sat, 2004-10-02 at 19:00, lu lu wrote:
> Hi, list members.
> I really want help very much. I asked th
http://www.openssl.org/support/
On Fri, 20 Aug 2004, Buddy wrote:
> Anyone out there, please help me! I am disabled and do not want to continue to see
> your conversations, although I appreciate the reason and the cause of the
> conversations.
> I just want off the list.
> Thanks,
> Buddy
>
>
13:52
To: [EMAIL PROTECTED]
Subject: Re: Please help
On Wed, Jul 23, 2003, steve thornton wrote:
> Yes I've noticed this. Basically I am making an embedded client, and am
> looking for every way possible to reduce code size, and obj_dat is very
big.
> I've more or less concluded
On Wed, Jul 23, 2003, steve thornton wrote:
> Yes I've noticed this. Basically I am making an embedded client, and am
> looking for every way possible to reduce code size, and obj_dat is very big.
> I've more or less concluded that it is not worth the trouble, but 24k is
> 24k.
> It surely should
PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: 23 July 2003 12:36
To: [EMAIL PROTECTED]
Subject: Re: Please help
On Wed, Jul 23, 2003, steve thornton wrote:
> Hi
>
> I've been trying to edit and rebuild the ASN.1 database using objects.pl.
I
> am having pro
On Wed, Jul 23, 2003, steve thornton wrote:
> Hi
>
> I've been trying to edit and rebuild the ASN.1 database using objects.pl. I
> am having problems understanding what is going on. As I understand it, the
> file to edit is objects.txt, but if I change this file in any way, then
> objects.pl no l
I *think* I understand it now, but any clarification etc. would still be
most appreciated.
Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of steve thornton
Sent: 23 July 2003 10:09
To: [EMAIL PROTECTED]
Subject: Please help
Hi
I've been trying to edit
On Mon, Mar 17, 2003, luke wrote:
>
> i have try many times.
> i got the same error message.
> ==
> perl Configure VC-WIN32
> .\ms\do_nt.bat
> nmake -f .\ms\nt.mak
>
> ps .net vc++(vc++ v7)
>
> .
> ui_compat.c
> cl /Fotmp32\krb5_asn.obj
Use compiler option like: cc +DD64
eg: ./configure hpux-cc +DD64
Bye,
Durai. ( [EMAIL PROTECTED])
>Hi,
>
>Is there any variable that is supposed to be set for compiling on a 64 bit machine
>like
>Compaq's Tru64?? I have used the openssl library for all the machines and it works
>except
>for Tru
er
I am running this code on Windows 2000 Server with VC++ 6.0. Send me your
client or server code so that I can look at it.
----- Original Message -
From: "Lutz Jaenicke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:
> I have a client program using Openssl to send request to and receive
> response from a web server. SSL_read hangs if the web server sends the
> following headers.
>
> The following is the header dump without SSL. I think the problem is the
Aleksey Sanin wrote:
> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad
> experience
> with it in the past. If it is possible, try gcc 2.95.3.
I've had recently the occasion to compiles openssl 0.9.6 out of the box
without problem with both 2.95.3 and 3.0.3 under Solaris.
But
On Tue, Apr 23, 2002 at 10:06:41AM +0200, Richard Levitte - VMS Whacker wrote:
> In message <[EMAIL PROTECTED]> on Mon, 22 Apr 2002 22:38:47 -0700,
>Aleksey Sanin <[EMAIL PROTECTED]> said:
>
> aleksey> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
> aleksey> bad experience with it
I've tried it on Solaris and Linux. IMHO, in both cases it is not polished
as well as it should be. Probably there exist projects there you have to
use 3.0 because of its new features. But it's not the case for me.
Aleksey.
Richard Levitte - VMS Whacker wrote:
>In message <[EMAIL PROTECTED]>
In message <[EMAIL PROTECTED]> on Mon, 22 Apr 2002 22:38:47 -0700, Aleksey
Sanin <[EMAIL PROTECTED]> said:
aleksey> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
aleksey> bad experience with it in the past. If it is possible, try
aleksey> gcc 2.95.3.
Is that just on Solaris, or
In message <[EMAIL PROTECTED]>
on Mon, 22 Apr 2002 19:16:13 -0700, "Paul Mallary" <[EMAIL PROTECTED]> said:
pmallary> I have been trying to figure this out on my own for the past day or so and
am stumped. I have installed all of the necessary stuff for openssl to compile but I
keep getting the
IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad experience
with it in the past. If it is possible, try gcc 2.95.3.
Aleksey Sanin
Paul Mallary wrote:
>I have been trying to figure this out on my own for the past day or so and am
>stumped. I have installed all of the necessary s
Fixed it. Had to reinstall apache+modssl
after reinstalling openssl
- Original Message -
From:
Mike K
To: [EMAIL PROTECTED]
Sent: Thursday, December 20, 2001 2:00
PM
Subject: Please help - startssl fails due
to the following errors:
[Thu Dec 20 16:48:
Salam,
Signing a request has no relation with signing requests.
To do so try what follows:
1/ Request Generation:
openssl req -new -out cert.req
2/ request Signature:
openssl req -ca -config path/openssl.cnf -in cert.req -out cert.pem
path: path to openssl.cnf configuration fil
Ok, I admit it.
It was a stupid newbie mistake.
I had thought that having the CERT in the global options for the server would suffice.
openssl & modssl were down earlier so the documentation that I had was sparse at best.
But in any case I got it.
Thanks for all the
, September 27, 2001 1:35 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Please help me!
Hello Ryan!
Thank you very much.
I have added the line in the Certificate Extensions section of my
openssl.cnf file:
crlDistributionPoints=URI:http://cert.vrn.ru/crl/main.crl
and then I made some
--- Original Message -
From: "Ryan Hurst" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 26, 2001 10:15 PM
Subject: RE: Please help me!
> Valery --
>
> This field in a certificate points to where the issuer will make its
> certificate revocat
Valery --
This field in a certificate points to where the issuer will make its
certificate revocation list available. If you are using OpenSSL or OpenCA
(based off of OpenSSL) to issue your certificates you will want to probably
put up a web server or LDAP capable directory where you can
or_strings();
your code...
End:
ERR_free_strings(); EVP_cleanup();
see u later...:)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jordan C N Chong
Sent: 10 September 2001 19:43
To: [EMAIL PROTECTED]
Subject: RE: Please Help: BIO!!
Hi,
Title: ??: Please Help: Crypto library with Visual C++
Hi,
Thanks for your reply. I have tried, still the memory leak problem happens :)
and the whole application crashes
my code is like this:
BIO *bio, *b64;
BIO *bio_out;
char inbuf[128];
int inlen;
b64 = BIO_new(BIO_f_base64());
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jordan C N Chong
Sent: 10 September 2001 18:04
To: [EMAIL PROTECTED]
Subject: RE: Please Help: Crypto library with Visual C++
thousand thanks for your help :D
it helps a lot and it works fine now...
Title: ??: Please Help: Crypto library with Visual C++
thousand thanks for your help :D
it helps a lot and it works fine now...
Now, pls. one more thing,
I tried to decode a Base64 encoded string into
the string is (for example)
:KljL0/zpzt8Y/UtenpqyMPt3JjQTFV5uofM349JXCY1z2i08XKzTW7
Dear Dirk,
> Have a look at http://www.iconsinc.com/~agray/ossldev/nt and pick the
> workspace for the version of OpenSSL you want to use (you'll still need to
> download the src tarball of OpenSSLvx.y.z).
>
> CU,
> Dirk
Thanks for your reply. I don't understand here.
All I wish to do is to use
> Sorry. This is not correct. LWP apparently doesn't
> support HTTPS out of the box because of the complexities
> associated with key exchanges and cert mgmt.
A one or two line script + Net::SSLeay will allow you to test quite
nicely.
[EMAIL PROTECTED]
box because of the complexities
> associated with key exchanges and cert mgmt.
>
> > -Original Message-
> > From: Varga, Jack [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, March 08, 2001 2:39 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: PLease help!
> To: '[EMAIL PROTECTED]'
> Subject: RE: PLease help! Using LWP to check to see if Secure
> Server is
> ru nning
>
>
> My guess is LWP by default sends requests to port 80.
> There must be a method to specify a different port...
>
> The request string where you
My guess is LWP by default sends requests to port 80.
There must be a method to specify a different port...
The request string where you specified the url...
my $req = new HTTP::Request('GET', 'https://www.someserver.com');
...just gets added to the http header inside the tcp
payload and i
¾ç½Â¸ð£¬ÄúºÃ£¡
Openssl>req -new -x509 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem
Openssl>req -out reqU.pem -keyout keyU.pem -new
Openssl>ca -policy policy_anything -out certU.pem -infiles reqU.pem
Openssl>pkcs12 -in certU.pem -inkey reqU.pem -certfile ./demoCA/cacert.pem -out
I don't know much about modssl, but
If you set SSLVerifyClient to 1 you are telling the server
to authenticate its clients (cryptographically verify the
client's identity).
An entity (let's say somebody connecting to your server)
needs a certificate in order to be authenticated, but hardly any
w
[EMAIL PROTECTED] wrote:
>
> Hi Randal,
>
> I am trying to get OpenSSL to import private key files.
You can load a private key with
PEM_read_PrivateKey() (defined in openssl/pem.h)
> -Original Message-
> From: EXT Randall Ward [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 09, 2
The certificate can be an ASN1 or PEM format file. To use a certificate,
you must also have a private key file (also in PEM or ASN1 format). The
certificate must be the public key for the private key file. Both of these
files can be created using the openssl utility.
Example:
Generate a 1024 b
> I've been building a small https client & everything has gone quite well.
> Now I've been told that I need to include support for client authentication
> using a standard x.509 certificate & I am stumped.
How do you manage client trust to your server? how do you know
that you are really communi
Hi Randal,
I am trying to get OpenSSL to import private key files.
I am kinda blown away with this, too.
So any info we can get will be much appreciated.
-Original Message-
From: EXT Randall Ward [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 1:28 PM
To: '[EMAIL PROTECTED
Hi,
in short:
using SSL you have two parts of encryption:
first a public/secret key system (asymmetric cryptography) is used to
establish a connection and to agree for a common secret key.
When both parties have agreed to that common secret key (which is, in
short, encrypted with the public keys
->Im new to all this. What the plan is for me and a friend to make a
->webpage with a few different sections. We would like to be able to
->update it from one page. A page that would let us choose what section
->it will be added to, write the new news or whatever and post it
->automatically and
At 10:08 AM 8/16/99 -0400, you wrote:
>Hello all. I am brand new to OpenSSL and I'm hoping that one of you can
>point me towards some (current) sample code or another appropriate resource.
>I am working on a project with a rapidly-approaching deadline, so I don't
>have a lot of time to search thr
Try the following URL. It works for me with all versions of stunnel...
http://www.dtcc.edu/cs/admin/notes/ssl/
On Thu, 15 Jul 1999, John Castillo wrote:
> Hello All,
>
> Argghh.. where did my hair go!
>
> I have been trying to configure SSL for use with my current imap server (Cyrus). I
>
> John Castillo wrote:
> built SSLeay0.8.1b
Why are you using this old version. Upgrade to latest OpenSSL release
from http://www.openssl.org/ .
> Jul 15 17:45:20 phoenix stunnel[12524]: Wrong permissions on
> /usr/local/ssl/certs/stunnel.pem
Since the file stunnel.pem contains a private ke
John,
Looks like you use the old certificate (stunnel.pem)
with the new stunnel. The DH errors mean you won't
be able to use DH algorithm for key exchange.
RSA will work for you, anyway.
Solution: Do "make cert" and install the new certificate.
About permissions: Certificate should be only r