Re: creating certificate with enhanced key usage extension
On Tue, May 27, 2003, josephine suganthi wrote:

> Hi,
> Is it possible to create a certificate with enhanced key usage extension
> using openssl? What change I have to make on openssl.conf file? Please
> help me to create a certificate with this extension for my test purpose.

Yes it is possible and as mentioned in the FAQ the documentation is in
doc/openssl.txt

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project                 http://www.openssl.org
Development Mailing List        [EMAIL PROTECTED]
Automated List Manager          [EMAIL PROTECTED]

Re: Custom error handling
In message [EMAIL PROTECTED] on Mon, 26 May 2003 08:57:40 +0200, Frédéric Giudicelli [EMAIL PROTECTED] said:

groups> Hi,
groups> I would like to implement some kind of error locking function:
groups>
groups> SYSerr(x,x);
groups> ERR_disable(); //We don't want any more error feedback from this point
groups> //call to functions that can potentially generate some more errors
groups> ERR_enable(); //Re-enable error feedback

I'd like to suggest something different that could be used for the same
purpose:

    ERR_mark()          Puts a mark in the error stack
    ERR_pop_to_mark()   Pops off errors from the error stack until a
                        mark is found. The mark itself is popped as
                        well.

The reason for this is that there may be situations where you might want
to add a mark, do something, then check for certain errors and only
remove the errors up to the mark if they appear.

Your example would be fulfilled like this:

    SYSerr(x,x);
    ERR_mark(); //We don't want any more error feedback from this point
    //call to functions that can potentially generate some more errors
    ERR_pop_to_mark(); //Re-enable error feedback

The only difference is that this consumes a little more memory and CPU,
temporarily...

--
Richard Levitte   \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36 BROMMA \ T: +46-8-26 52 47
                  \ SWEDEN          \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.

Re: Custom error handling
> ERR_mark()          Puts a mark in the error stack
> ERR_pop_to_mark()   Pops off errors from the error stack until a
>                     mark is found. The mark itself is popped as well.

Do they nest? Perhaps this is cleaner:

    int depth = ERR_get_depth();
    void ERR_pop_to(int depth);

/r$

Re: Custom error handling
In message [EMAIL PROTECTED] on Tue, 27 May 2003 22:52:54 -0400 (EDT), Rich Salz [EMAIL PROTECTED] said:

rsalz> ERR_mark()          Puts a mark in the error stack
rsalz> ERR_pop_to_mark()   Pops off errors from the error stack until a
rsalz>                     mark is found. The mark itself is popped as
rsalz>                     well.
rsalz>
rsalz> Do they nest? Perhaps this is cleaner:
rsalz> int depth = ERR_get_depth();
rsalz> void ERR_pop_to(int depth);

I was thinking that several marks in the stack would be possible, so
yes, they would nest.

Your idea has the benefit of needing less code, since it would be up to
the application to keep track of the marks rather than OpenSSL :-).

I can foresee only one problem: if depth is registered, then errors are
popped the old way (with the get_error functions), and then more errors
are added (enough that the stack is at least as deep as when the depth
was registered), and ERR_pop_to() is run, the result would be quite
unexpected, and probably quite hard to debug. Of course, that case is a
big-time user error, but one to be prepared for.

--
Richard Levitte

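The hazard described in the message above, as an added example that is not part of the thread and not OpenSSL code: a toy error queue comparing the two proposals when an error is consumed between taking the reference point and popping back to it. The type, function names, error codes, and the assumption that the old-style getter consumes the oldest error first are all made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy error queue, NOT OpenSSL's ERR_STATE. Newest entry is last. */
#define MAXERR 16
#define MARK 0 /* sentinel entry; real error codes are non-zero */
typedef struct { int e[MAXERR]; int n; } errq;

static void put_error(errq *q, int code) { if (q->n < MAXERR) q->e[q->n++] = code; }

/* "Old way": consume the oldest real error, skipping marks; 0 if none. */
static int get_error(errq *q) {
    for (int i = 0; i < q->n; i++) {
        if (q->e[i] == MARK) continue;
        int code = q->e[i];
        q->n--;
        memmove(&q->e[i], &q->e[i + 1], (size_t)(q->n - i) * sizeof(int));
        return code;
    }
    return 0;
}

/* Mark proposal: the mark is an entry in the queue, so marks nest. */
static void err_mark(errq *q) { put_error(q, MARK); }
static void err_pop_to_mark(errq *q) { while (q->n > 0 && q->e[--q->n] != MARK) { } }

/* Depth proposal: the caller remembers a number and truncates to it later. */
static int err_get_depth(const errq *q) { return q->n; }
static void err_pop_to(errq *q, int depth) { if (depth >= 0 && depth < q->n) q->n = depth; }

/* One error is queued, a reference point is taken, the error is consumed the
 * old way, then cleanup queues two errors that should all be discarded.
 * Returns the number of stale cleanup errors left in the queue. */
static int leftover(int use_mark) {
    errq q = { {0}, 0 };
    put_error(&q, 101);                 /* the original failure */
    int depth = err_get_depth(&q);      /* 1 */
    if (use_mark) err_mark(&q);
    get_error(&q);                      /* caller reports 101 */
    put_error(&q, 201);                 /* cleanup errors */
    put_error(&q, 202);
    if (use_mark) err_pop_to_mark(&q); else err_pop_to(&q, depth);
    return q.n;
}

int main(void) {
    printf("depth: %d stale, mark: %d stale\n", leftover(0), leftover(1));
    return 0;
}
```

With the remembered depth, cleanup error 201 survives the truncation; with the in-queue mark, everything queued after the mark is discarded.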
Re: Custom error handling
Ok, so I imagine the internal implementation would be something like a
STACK_OF(ERR_STATE) instead of a simple ERR_STATE, and the thread would
be working on the ERR_STATE positioned at 0 in the stack, right?

When ERR_mark() is called we malloc a new ERR_STATE and we insert it at
position 0 in the thread's STACK_OF(ERR_STATE); when we call
ERR_pop_to_mark() we simply pop the entry (which would be position 0).
This would allow handling of more than one level of errors.

In any event I think that functions ERR_disable() and ERR_enable() are
still necessary. In my case I really don't care what errors the child
functions generate since I'm in a post-error cleaning function. I see no
point in wasting some CPU and RAM, since I'm not interested in
displaying the cleaning function's errors.

We can still implement the ERR_disable/ERR_enable on top of the new
stack code; it would only mean adding an int disabled member to
ERR_STATE and testing it in ERR_put_error, ERR_clear_error,
get_error_values and ERR_set_error_data. If I recall, those are the
functions that modify the error list.

Frédéric Giudicelli
http://www.newpki.org

Old mail currently unaccessible to me...
A couple of days ago, my laptop refused to boot up. That means that all
my previously archived mail is unaccessible to me until I extract the
hard drive and mount it on another computer. That includes mails that
have been sent to me privately, or mails I've promised to handle.

Therefore, I'd appreciate it if those who are waiting for an answer
specifically from me could send me a reminder mail, so I can actually
continue whatever I was doing.

Thank you.

--
Richard Levitte