Hi,
Solaris does not support the device /dev/urandom which is necessary to seed
the PRNG by default.
You can either install a package which emulate /dev/urandom or seed the
PRNG
manually by the following commands :
unsigned char seed_buffer [1024] ;
RAND_pseudo_byte(seed_buffer, 1024) ;
On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote:
> Solaris does not support the device /dev/urandom which is necessary to seed
> the PRNG by default.
> You can either install a package which emulate /dev/urandom or seed the
> PRNG
> manually by the following commands :
>
>un
Title: RE: certificate problem
Lutz,
Well sometimes installing additional software is not acceptable as was in my case. Do you have any other suggesstions for people like me? We ship a product that uses OpenSSL and we don't want to install 3rd party apps. Whil
Thanks for the advice. I was able to get an alternate /dev/urandom
package working.
Soo
On Wed, 28 Nov 2001, Lutz Jaenicke wrote:
> On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote:
> > Solaris does not support the device /dev/urandom which is necessary to seed
> > the PRNG
On Mon, 22 Apr 2002, Andrew Finnell wrote:
> Dear fellow developers,
>
> I am experiencing some problems with a product we released. We rely
> on a public/private key architecture. The client connects to our server and
> we check to see if the certificate the client had was signed by us. I
-Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Michal Bachorik
> Sent: Monday, April 22, 2002 12:08 PM
> To: Openssl ([EMAIL PROTECTED])
> Subject: Re: Certificate Problem :)
>
>
> On Mon, 22 Apr 2002, Andrew Finnell wro
Hello,
AFAIK by default client does not sends its certificate. You should
do something like this:
SSL_CTX_set_verify(context, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
Maybe this should help.
Regards
Ales Privetivy
> Dear fellow developers,
>
> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
> Sent: Sunday, July 06, 2014 22:42
> I have the following certificates and associated private keys:
>
> A - certificate A generated with one version of my software not using
openssl
> B - certificate B generated with a new versi
On 7/6/2014 7:41 PM, Barbe, Charles wrote:
> Does anybody have any suggestions on where to look to figure this out? A tool
> to use?
>
> I realize that actually attaching the certa might be helpful but I do not
> have them handy as I write this. Please let me know if that might help
> somebody
You could try examining both PEM-encoded certificates using an ASN.1
decoder, such as the one here - http://lapo.it/asn1js
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Barbe, Charles
Sent: Sunday, July 6, 2014 8:42 PM
To: o
I am positive that I am installing the ca in the correct spot because
connections to server B correctly show the CA cert as the trusted root when I
view the certificate for the connection in the web browser.
To be clear, openssl verify says that both certificates A and B are ok when I
provide
As I said in another note, I will try to send the certs tomorrow. Thanks for
the help!
CHAD
> On Jul 7, 2014, at 4:42 PM, "Kyle Hamilton" wrote:
>
>
>> On 7/6/2014 7:41 PM, Barbe, Charles wrote:
>> Does anybody have any suggestions on where to look to figure this out? A
>> tool to use?
>>
>
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try today was to have both servers generate their certificates
using the same private key. Theoretically I would expect the two certs to then
be exactly the same to the bit... I am not providing any domain or ip spe
> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
> Sent: Monday, July 07, 2014 21:59
> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>
> One thing I did try today was to have both servers generate their
certificates
> using the same private key. Theoretically
On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
wrote:
> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>
> One thing I did try today was to have both servers generate their
> certificates using the same private key. Theoretically I would expect the two
> certs to then be exactl
CHAD
> On Jul 7, 2014, at 11:11 PM, "Jeffrey Walton" wrote:
>
> On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
> wrote:
>> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>>
>> One thing I did try today was to have both servers generate their
>> certificates using the same
CHAD
On Jul 7, 2014, at 11:03 PM, "Dave Thompson" wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
>> Sent: Monday, July 07, 2014 21:59
>
>> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>>
>> One thing I did try today was to have both servers ge
On 7/7/2014 8:24 PM, Barbe, Charles wrote:
>
> CHAD
>
>> On Jul 7, 2014, at 11:11 PM, "Jeffrey Walton" wrote:
>>
>> On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
>> wrote:
>>> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>>>
>>> One thing I did try today was to have both ser
On Mon, Jul 07, 2014, Dave Thompson wrote:
>
> The only thing that springs to mind that could be invisible is string types
> and
> some options of the cert Issuer fields vs the CA Subject. RFC 5280 requires
> a
> fairly complicated Unicode-aware comparison algorithm which I believe
> openssl
>
Hi Erik,
thanks for replying. I received your mail but not
via the list - it hasn't appeared there (yet) ...
Problem solved: As usual it was annoyingly
simple (and embarassing).
I was assuming that when I did a "make certificate"
the certificate in "/www/conf" would be altered,
but it wasn
"Andrew T. Finnell" <[EMAIL PROTECTED]> writes:
> I do a SSL_get_peer_certificate and everything works for a while.
> But all of a sudden I never get a certificate from the client. This
> causes our server to think the client isn't validated. The only way we
> seem to be able to fix this is to re-
Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Rescorla
> Sent: Monday, April 22, 2002 12:25 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Certificate Problem / get_peer_certificate
>
>
> "Andrew T. Finnell&qu
"Andrew T. Finnell" <[EMAIL PROTECTED]> writes:
> I do not know. I do not have access to these machines they are
> at our client's location. I suppose we could try and get them to install
> ssldump and run it. Although I am not sure this is an option.
ssldump can read data captured with 'tc
Thompson [dthomp...@prinpay.com]
Sent: Monday, July 07, 2014 4:03 PM
To: openssl-users@openssl.org
Subject: RE: Certificate problem
> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
> Sent: Sunday, July 06, 2014 22:42
> I have the following certificates and associate
On Tue, Jul 8, 2014 at 3:39 PM, Barbe, Charles
wrote:
> I figured it out and am now wondering if there is a defect in the openssl
> verify command. This suggestion from Dave Thompson:
> I would first try x509 -noout -subject|issuer -nameopt multiline,show_type
> and see if that helps.
> Pointed m
| 14604
charles.ba...@allworx.com | 585.421.5565
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Jeffrey Walton [noloa...@gmail.com]
Sent: Tuesday, July 08, 2014 4:19 PM
To: OpenSSL Users List
Subject: Re: Certificate
.5565
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Barbe, Charles [charles.ba...@allworx.com]
Sent: Tuesday, July 08, 2014 4:44 PM
To: openssl-users@openssl.org
Subject: RE: Certificate problem - SOLVED
Yet openssl verify said OK to both of my certificates ag
On Tue, Jul 8, 2014 at 4:48 PM, Barbe, Charles
wrote:
> Also don't these lines of the spec:
>
> countryName ATTRIBUTE ::= {
> WITH SYNTAX PrintableString (SIZE (2))
> -- IS 3166 codes only
> ID
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Tuesday, July 08, 2014 16:20
> On Tue, Jul 8, 2014 at 3:39 PM, Barbe, Charles
> wrote:
> > I figured it out and am now wondering if there is a defect in the openssl
> verify command. This suggestion from Dave Thompson:
>
On Tue, Jul 8, 2014 at 7:00 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
>> Sent: Tuesday, July 08, 2014 16:20
> ...
>> Not sure if this is any consolation, but countryName is a
>> DirectoryString, and PrintableString is OK per RFC 5280
>> (http://t
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Tuesday, July 08, 2014 20:33
> On Tue, Jul 8, 2014 at 7:00 PM, Dave Thompson
> wrote:
> >> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> >> Sent: Tuesday, July 08, 2014 16:20
> > ...
> >> Not sure if
I just had the same problem today. I fixed it but I dont know exactly
what I did that made it work. I checked the hostname -f and it gave me
an alias at first, try hostname -vf and lookfor h_name=`...'. Even if
your using a vhost you should use your regular host name in the csr.
Good Luck!
Barry
l
Active Solutions L.L.C
[EMAIL PROTECTED]
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Rescorla
> Sent: Monday, April 22, 2002 12:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Certificate Problem / get_peer_certificate
&
Venkata LK Mula escribió:
Hi,
With reference to the above mentioned subject, we have generated root,
server and client certificates in .pfx (p12) and .der format in
FreeRADIUS using OpenSSL, installed these certificates on the Windows
XP client. And when I'm trying to associate the Windows c
I have had to add certs to two different places in Windows in order for
the them be found.
I added them using system32/certmgr -- but that is not enough. I have
found I also need to add them using the certificate control panel in
Internet Explorer. I use certs to sign documents in OpenOffice
Under most circumstances, roots certificates must be installed in the
Machine Root store, not in the User Root store. If you are looking to
authenticate to a wireless network, you may need to install the
certificate (and associated private key) to the Machine Certificates,
not the User Certificate
On Fri, Jan 18, 2002 at 12:08:36PM -0500, Mark Lidd wrote:
> A transcript is the following:
>
> bash-2.05$ openssl s_client -connect autonet.va.autometric.com:443 -ssl2
...
> Ciphers common between both SSL endpoints:
> RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
> EXP-RC2-CBC-MD5 DES-CBC-MD5
37 matches
Mail list logo
