EAP-TLS certs

2006-08-30 Thread Teo 

Hi, I have need of certs for 3 clients, for some tests on
freeradius with a sniffer that it capture the input.
Therefore I want certs of test the type which already use,
generated with the script CA.all inside freeradius-1.1.2 sources.
How I can make 3 certs for distinct for the clients?
Is it possible to modify CA.all in order to create certs for 1
root, 1 server and 3 or more client certs for EAP-TLS
(xpextension incuded)?
Someone knows gives me of the information also on the guides who
can help me?
Thousand thanks for all

Matteo ;-)


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #1281] Solaris9: 'make test' failure in evp_test

2006-08-30 Thread via RT 

The sunstudio patch above was Solaris Sparc.

For the x86 equivilant, see

http://sunsolve.sun.com/search/advsearch.do?collection=PATCHtype=collectionsmax=50language=enqueryKey5=120759toDocument=yes
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

openssl ca - configuration file options - oid_section (0.9.8b)

2006-08-30 Thread Simon McMahon 
Hi,

I must have something wrong in the configuration file and there dont seem 
to be samples to cover additional OIDs. I just want to know how to use the 
'oid_section' in the openssl.cnf file correctly. Btw, I am simply adding 
the OCSPsigning extendedKeyUsage attribute to the cert. I can do that but 
not using the oid that I defined.

I tried adding the following lines to the standard (supplied) openssl.cnf 
file:

[ CA_default ]
 oid_section = oids
[ oids ]
 OCSPsigning = 1.3.6.1.5.5.7.3.9
[ ocsp_cert ]
 extendedKeyUsage = OCSPsigning

Note: the sections have other stuff in them also - I am just showing the 
additions.

Then running:
  openssl ca -in csr.pem -out xcert.pem -extensions ocsp_cert
gives output:

Error Loading extension section ocsp_cert
2920:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too 
large:.
\crypto\asn1\a_object.c:108:
2920:error:2206706E:X509 V3 routines:V2I_EXTENDED_KEY_USAGE:invalid object 
ident
ifier:.\crypto\x509v3\v3_extku.c:135:section:,name:OCSPsigning,value:
2920:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in 
extension:.\crypt
o\x509v3\v3_conf.c:93:name=extendedKeyUsage, value=OCSPsigning

If I switch to:
[ ocsp_cert ]
 extendedKeyUsage   = 1.3.6.1.5.5.7.3.9

It works fine giving output:

Certificate Details:
...
X509v3 extensions:
...
X509v3 Extended Key Usage:
OCSP Signing

How do I get the oid_section to work so I can use those oids that I 
defined?

Regards,

Simon McMahon

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]