RE: IE can't process 1024 bits cert?

[Ludovic FLAMENT]

Hy,

thanks a lot. but i'm still confused of the cipher strength and
key length. i always think 40-bit should be the key length of
symmetric cipher algorithm and 512-bit is the key length of
asymmetric cipher algorithm.

It's just.

40-bit data encryption aglorithm
is always corresponding to 512-bit certificate,  and 128-bit
to 1024/2048-bit. is that right?

No, the certificate is independent of the symetric key-length. You can have
a server with a 512 bits certificate which used 128 bits symetric-key, or a
server with a 2048 bits certificate which used 40 bits symetric-key. It's
just a question of configuration of the server and the version (support
crypto 128 bits or No).

--
Ludovic FLAMENT

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

openssh dsa_verify still fails with openssl-0.9.6-beta2

[Graham Murray]

The dsa_verify failure for server_host_key which was seen in beta1 is
still present in beta2.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Problem: Adding certificate and private key to IIS 5.0

[Thomas Christmann]

First, thank you for your answer.

You wrote:

Both, the key and certificate _SHOULD_ be in PEM format
refer to http://www.openssl.org/docs/apps/pkcs12.html# for details.

Oh right, sorry, I didn't see it, but it says so on the site.
Now, how can I "encode" the files to the .pem format? Is .pem the same as PKCS #12?
My Certificate is encoded in Base64, my private key is DER-encoded (or at least I 
think so,
I'm not sure about all these different formats. It looks pretty unreadable opened in a 
Texteditor *g*)

Can you please tell, Which tool was used to generate the private key and the CSR 
(certificate signing request) ?

Sure, I generated the private key and the request file using keygen.exe, an IIS 4.0 
command line tool to
generate private key and certificate request, given the right information.
The certificate request are mostly send to Thawte, if it makes a difference...

So, any more ideas?

Thank you in advance,

Thomas Christmann
NT-Systemprogrammierer

mailto:[EMAIL PROTECTED]

Schlund + Partner AG
Erbprinzenstrasse 4-12
D-76133 Karlsruhe
http://www.schlund.de

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL version 0.9.6 Beta 2 (problems with Win 98)

[ukoeppe]

I got a little bit of problem with the new beta 2 under Windows 98. The
following line causes a program error:

openssl req -x509 -newkey rsa:512 -keyout key.pem -out cer.pem

I compiled it with Borland 5.5, since I don't have an assembler I turned off
the "readtimer" function in rand_win.c  . (Which could be why this happens
in the first place but I hope not)

Details:

Printscreen (dos window):
---
Microsoft(R) Windows 98
   (C)Copyright Microsoft Corp 1981-1998.

C:\openssl req -x509 -newkey rsa:512 -keyout key.pem -out cer.pem
Using configuration from C:\OPENSSL\OPENSSL.CNF
Loading 'screen' into random state -
C:\
---


Error-detail on desktop
-
OPENSSL verursachte einen Fehler durch eine ungültige Seite
in Modul Unbekannt bei :0095a5d5.
Register:
EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216
EBX=0095a5d0 SS=0187 ESP=0072f134 EBP=
ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27
EDX=bffc9490 ES=0187 EDI=bff7 GS=
Bytes bei CS:EIP:
64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Stapelwerte:
0046823f  004cd210   0072f16c  
 bfea bff5     
-

TIA

U.K.



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Problem: Adding certificate and private key to IIS 5.0

[Mandar Behere]

Hi,
AFAIK, if you have generated the private key and CSR using IIS 4.0 supplied tool, 
then the certificate and
private key will be in NET format. For details of extracting the key from IIS backup 
file and converting to PEM
format look for the messages with subject "Using openssl to generate keys for IIS" in 
the archives. It gives you
exact procedure to deal with the IIS 4.0 generated keys.

hope this helps,
Mandar

Thomas Christmann wrote:

 First, thank you for your answer.

 You wrote:

 Both, the key and certificate _SHOULD_ be in PEM format
 refer to http://www.openssl.org/docs/apps/pkcs12.html# for details.

 Oh right, sorry, I didn't see it, but it says so on the site.
 Now, how can I "encode" the files to the .pem format? Is .pem the same as PKCS #12?
 My Certificate is encoded in Base64, my private key is DER-encoded (or at least I 
think so,
 I'm not sure about all these different formats. It looks pretty unreadable opened in 
a Texteditor *g*)

 Can you please tell, Which tool was used to generate the private key and the CSR 
(certificate signing request) ?


--
Mandar Prabhakar Behere
Member of Technical Staff
Persistent Systems Pvt. Ltd.
Phone :
 office : 91-20-5676700  ext. 541
 residence : 91-20-4485174


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Does anybody launches ssl aware apache under WIN32 correctly?

[Amit Chopra]

 [18/Sep/2000 14:03:55 00864] [info]  Init: Loading certificate  private key of 
SSL-aware server tjww.adaptview.com:443
 [18/Sep/2000 14:03:55 00864] [info]  Init: Requesting pass phrase via builtin 
terminal dialog


Your log suggests that the terminal(the application window) is waiting
for a passphrase to decrypt the private key. 
Enter there the passphrase that you entered when you generated the
certifcate request/private key.

Amit.




 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98)

[Jeffrey Altman]

Initialize the function pointers acquire, gen, release, netstatget,
netfree to 0.

 
 Error-detail on desktop
 -
 OPENSSL verursachte einen Fehler durch eine ungültige Seite
 in Modul Unbekannt bei :0095a5d5.
 Register:
 EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216
 EBX=0095a5d0 SS=0187 ESP=0072f134 EBP=
 ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27
 EDX=bffc9490 ES=0187 EDI=bff7 GS=
 Bytes bei CS:EIP:
 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 Stapelwerte:
 0046823f  004cd210   0072f16c  
  bfea bff5     



  Jeffrey Altman * Sr.Software Designer
 The Kermit Project * Columbia University
   612 West 115th St * New York, NY * 10025 * USA
 http://www.kermit-project.org/ * [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Does anybody launches ssl aware apache under WIN32 correctly?

[ApacheSSL]

 Your log suggests that the terminal(the application window) is waiting
 for a passphrase to decrypt the private key. 
 Enter there the passphrase that you entered when you generated the
 certifcate request/private key.
 Amit.


First thank you for your answer, Amit

The Apache log confused me, it shows

--Enter pass phrase:

first, and I input the passphrase number, then it shows

--Apache/1.3.12 (Win32) mod_ssl/2.6.5 OpenSSL/0.9.5a running...

and wait for input again without any prompt, which I have just 
inputted, so I wait for it continue running, it wait for my 
input:(( DEADLOCK:( I am so foolish, I have traced into it, but
did not try to input the passphrase number again actually:(((

So fool I am, and thank you for your advice:)

Bye, Sincerely yours tjww.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Verify signature of a multipart message

[Dr S N Henson]

Angus Lee wrote:
 
 = Original Message From [EMAIL PROTECTED] =
   I could use OpenSSL to decrypt this signed and encrypted message. Then
 when I
   verify the digital signature, OpenSSL told me that 'content and data
 present'.
   Is there anything wrong with my code?
  Can you send me a copy of the message and/or signature. The signed but
  decrypted version that is?
 
 b4dec.txt is the original signed and encrypted message, while afterdec.txt is
 what I got after decryption. cityuca.pem is the CA certificate of the signer.
 
  What version of Netscape is this BTW?
 
 4.71 (40 bit).
 

Ugh. I checked OpenSSL 4.73 too and it does the same. The cause is that
Netscape isn't properly excluding the content. It is including a zero
length content. This is a recent addition to Netscape and is a bug.

I'll see if I can develop a work around.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Problem: Adding certificate and private key to IIS 5.0

[Thomas Christmann]

Hi,
AFAIK, if you have generated the private key and CSR using IIS 4.0 supplied tool, 
then the certificate and
private key will be in NET format. For details of extracting the key from IIS backup 
file and converting to PEM
format look for the messages with subject "Using openssl to generate keys for IIS" in 
the archives. It gives you
exact procedure to deal with the IIS 4.0 generated keys.

hope this helps,
Mandar

It did, yes, thank you! I found out that keygen.exe creates my private key in NET 
format and my certificate
in PEM format. So I looked at the thread you mentioned and found out how to convert 
NET to PEM, which worked
like that:

openssl-0.9.5a\out32dllopenssl rsa -inform NET -outform PEM -in C:\Work\privkey.net 
-out C:\Work\userkey.pem

I created my desired PKCS #12 file with the following command:

openssl pkcs12 -export -in C:\Work\MyCert.cer -inkey C:\Work\userkey.pem -out 
C:\Work\Outfile.pfx

and got the .PFX file that I wanted in order to import the key and certificate into 
IIS 5.0. Problem is,
it doesn't work. When I double-click the .pfx file. the import wizard starts up, asks 
me for the file to
import (the newly created .pfx file) and in which certificate store I want to put the 
imported certificate
(I chose personal there, all my others are there, too). The wizards completes with the 
words "Import successful";
the problem is, my certificate was not imported, I cannot find it in any store, and so 
I can't assign it to a web.

I think that's no openssl related problem any more, but if anyone might have any 
ideas, I'd be grateful.

Thanks,

Thomas Christmann
NT-Systemprogrammierer

mailto:[EMAIL PROTECTED]

Schlund + Partner AG
Erbprinzenstrasse 4-12
D-76133 Karlsruhe
http://www.schlund.de

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Verify signature of a multipart message

[Dr S N Henson]

Angus Lee wrote:
 
 
 b4dec.txt is the original signed and encrypted message, while afterdec.txt is
 what I got after decryption. cityuca.pem is the CA certificate of the signer.
 

OK. I've included a work around to the dev version of OpenSSL. It will
be in OpenSSL 0.9.6. If you want to fix this yourself just locate the
test in the function PKCS7_verify() in crypto/pkcs7/pk7_smime.c and
comment it out.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Problem compiling openssl engine beta2 on NT

[Eric Korsia]

I tried to compile on a Win32 platforom openssl engine beta2, and the
OpenSSL beta2, and I recieve in both case this error:

cl /Fotmp32dll\rand_win.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2
/Gs0 /GF /Gy /nologo -DWIN32 -DWIN3
2_LEAN_AND_MEAN -DL_ENDIAN /Fdout32dll /GD -D_WINDLL -D_DLL  -c
.\crypto\rand\rand_win.c
rand_win.c
.\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing ')'
before '*'
.\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing '{'
before '*'
.\crypto\rand\rand_win.c(175) : error C2059: syntax error : ')'
.\crypto\rand\rand_win.c(175) : error C2059: syntax error : ';'
.\crypto\rand\rand_win.c(190) : error C2065: 'NETSTATGET' : undeclared
identifier
.\crypto\rand\rand_win.c(190) : error C2146: syntax error : missing ';'
before identifier 'netstatget'
.\crypto\rand\rand_win.c(190) : error C2065: 'netstatget' : undeclared
identifier
.\crypto\rand\rand_win.c(191) : error C2275: 'NETFREE' : illegal use of this
type as an expression
.\crypto\rand\rand_win.c(176) : see declaration of 'NETFREE'
.\crypto\rand\rand_win.c(191) : error C2146: syntax error : missing ';'
before identifier 'netfree'
.\crypto\rand\rand_win.c(191) : error C2065: 'netfree' : undeclared
identifier
.\crypto\rand\rand_win.c(201) : error C2146: syntax error : missing ';'
before identifier 'GetProcAddress'
.\crypto\rand\rand_win.c(202) : warning C4047: '=' : 'int ' differs in
levels of indirection from 'unsigned long (__stdc
all *)(unsigned char *)'
.\crypto\rand\rand_win.c(209) : error C2063: 'netstatget' : not a function
.\crypto\rand\rand_win.c(212) : error C2063: 'netfree' : not a function
.\crypto\rand\rand_win.c(214) : error C2063: 'netstatget' : not a function
.\crypto\rand\rand_win.c(217) : error C2063: 'netfree' : not a function
NMAKE : fatal error U1077: 'cl' : return code '0x2'

Is there a solution to this problem?

Thanks,
ERIC
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98)

[ukoeppe]

- Original Message -
From: Jeffrey Altman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, September 18, 2000 1:08 PM
Subject: Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98)


 Initialize the function pointers acquire, gen, release, netstatget,
 netfree to 0.

Yep, that did it, thank you. Another satisfied customer :)

Uli K.




 
  Error-detail on desktop
  -
  OPENSSL verursachte einen Fehler durch eine ungültige Seite
  in Modul Unbekannt bei :0095a5d5.
  Register:
  EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216
  EBX=0095a5d0 SS=0187 ESP=0072f134 EBP=
  ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27
  EDX=bffc9490 ES=0187 EDI=bff7 GS=
  Bytes bei CS:EIP:
  64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  Stapelwerte:
  0046823f  004cd210   0072f16c  
   bfea bff5     



   Jeffrey Altman * Sr.Software Designer
  The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
  http://www.kermit-project.org/ * [EMAIL PROTECTED]


 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Error code 0D067007

[Stephen Clark]

Hi

I'm new to openssl having just implemented Apache 1.3.9 and openssl
0.9.4. Everything was fine until I installed the certificate from
Verisign (via BT Trustwise).

We are now getting the following errors:

[Mon Sep 18 13:21:02 2000] [error] mod_ssl: SSL handshake failed
(OpenSSL library error follows)
[Mon Sep 18 13:21:02 2000] [error] OpenSSL: error:0D067007:asn1 encoding
routines:ASN1_COLLATE_PRIMITIVE:expecting an asn1 sequence

[Mon Sep 18 13:26:24 2000] [error] mod_ssl: SSL error on reading data
(OpenSSL library error follows)
[Mon Sep 18 13:26:24 2000] [error] OpenSSL: error:0D067007:asn1 encoding
routines:ASN1_COLLATE_PRIMITIVE:expecting an asn1 sequence


I'd really appreciate it if someone could let me know what I'm doing
wrong!

--
Regards,


Stephen A. Clark


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Apps over SSL

[Mark H. Wood]

On Fri, 15 Sep 2000, Soul Fire wrote:
 Thanks for the direction. I know that openssh would replace the need for
 telnet right off the bat but does it allow for other apps to ride over
 the encrypted stream as well?

OpenSSH automagically sets up a tunnel for the X Window protocol, and I've
also used it to tunnel VNC sessions.  It's not too hard to set up.  See
the documentation for details.

Here's a shellscript that I wrote to encapsulate the gory details of VNC
tunnelling:

#! /bin/sh

GATEWAY=${VNC_GATEWAY-rahal}

ssh -L 5900:$1:5902 -x -f $GATEWAY 'sleep 10'
vncviewer -encodings "copyrect hextile" localhost

$GATEWAY is the name of the machine at the other end of the tunnel.  VNC
uses ports 5900-up.  The 'sleep 10' command is probably needed only
because I don't know more about controlling ssh properly.

Further discussion of ssh ought to move to [EMAIL PROTECTED] or
comp.security.ssh .

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
2000-05-05 13:27:15 GMT -- still no icebergs in the White River

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

MVS ports

[Simone Ventola]

Hello,
I'm looking for a standard and free cryptographic library (like
SSLeay, and OpenSSL of course) which can be easily compiled and linked
to applications on IBM MVS - OS/390 machines.

  Please, help me! (^_^)

Thanks in advance, see you soon,
Simone
-- 

          
|      / ___/ ___|| __ ) 
  __|_     \___ \___ \|  _ \  
 |   || ||  ___) |__) | |_) |
   __|_  || || |//|/
  |   || || || || |||
  |   || || || || |||  SOCIETA'
  |   || || || || |||  PER I SERVIZI 
  |   || || || || |||  BANCARI S.p.A.

  Ing. Simone Ventola - addetto studi e progettazione
  Divisione E-Business e Sistemi Interbancari
  Tel:02-3484509
  Cell:   0348-8231912
  E-mail: [EMAIL PROTECTED]

==
"All'origine di ogni errore attribuito al computer ci sono almeno due
errori umani... compreso quello di attribuire l'errore al computer..."
==
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: MVS ports

[Douglas Wikström]

Please turn off your reciept requesting "feature" of your mail client.

/Douglas

Simone Ventola wrote:
 
 Hello,
 I'm looking for a standard and free cryptographic library (like
 SSLeay, and OpenSSL of course) which can be easily compiled and linked
 to applications on IBM MVS - OS/390 machines.
 
   Please, help me! (^_^)
 
 Thanks in advance, see you soon,
 Simone
 --
 
        
 |      / ___/ ___|| __ )
   __|_     \___ \___ \|  _ \
  |   || ||  ___) |__) | |_) |
__|_  || || |//|/
   |   || || || || |||
   |   || || || || |||  SOCIETA'
   |   || || || || |||  PER I SERVIZI
   |   || || || || |||  BANCARI S.p.A.
 
   Ing. Simone Ventola - addetto studi e progettazione
   Divisione E-Business e Sistemi Interbancari
   Tel:02-3484509
   Cell:   0348-8231912
   E-mail: [EMAIL PROTECTED]
 
 ==
 "All'origine di ogni errore attribuito al computer ci sono almeno due
 errori umani... compreso quello di attribuire l'errore al computer..."
 ==
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

-- 

--
 Douglas Wikström [EMAIL PROTECTED]
--
 Yes, God created Man before Woman,
 but one always makes a draft before the masterpiece.
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Problem compiling openssl engine beta2 on NT

[Jeffrey Altman]

Try replacing LMSTR with LPWSTR in crypto/rand/rand_win.c



 I tried to compile on a Win32 platforom openssl engine beta2, and the
 OpenSSL beta2, and I recieve in both case this error:
 
 cl /Fotmp32dll\rand_win.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2
 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN3
 2_LEAN_AND_MEAN -DL_ENDIAN /Fdout32dll /GD -D_WINDLL -D_DLL  -c
 .\crypto\rand\rand_win.c
 rand_win.c
 .\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing ')'
 before '*'
 .\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing '{'
 before '*'
 .\crypto\rand\rand_win.c(175) : error C2059: syntax error : ')'
 .\crypto\rand\rand_win.c(175) : error C2059: syntax error : ';'
 .\crypto\rand\rand_win.c(190) : error C2065: 'NETSTATGET' : undeclared
 identifier
 .\crypto\rand\rand_win.c(190) : error C2146: syntax error : missing ';'
 before identifier 'netstatget'
 .\crypto\rand\rand_win.c(190) : error C2065: 'netstatget' : undeclared
 identifier
 .\crypto\rand\rand_win.c(191) : error C2275: 'NETFREE' : illegal use of this
 type as an expression
 .\crypto\rand\rand_win.c(176) : see declaration of 'NETFREE'
 .\crypto\rand\rand_win.c(191) : error C2146: syntax error : missing ';'
 before identifier 'netfree'
 .\crypto\rand\rand_win.c(191) : error C2065: 'netfree' : undeclared
 identifier
 .\crypto\rand\rand_win.c(201) : error C2146: syntax error : missing ';'
 before identifier 'GetProcAddress'
 .\crypto\rand\rand_win.c(202) : warning C4047: '=' : 'int ' differs in
 levels of indirection from 'unsigned long (__stdc
 all *)(unsigned char *)'
 .\crypto\rand\rand_win.c(209) : error C2063: 'netstatget' : not a function
 .\crypto\rand\rand_win.c(212) : error C2063: 'netfree' : not a function
 .\crypto\rand\rand_win.c(214) : error C2063: 'netstatget' : not a function
 .\crypto\rand\rand_win.c(217) : error C2063: 'netfree' : not a function
 NMAKE : fatal error U1077: 'cl' : return code '0x2'
 
 Is there a solution to this problem?
 
 Thanks,
 ERIC
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 



  Jeffrey Altman * Sr.Software Designer
 The Kermit Project * Columbia University
   612 West 115th St * New York, NY * 10025 * USA
 http://www.kermit-project.org/ * [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Verify signature of a multipart message

[Angus Lee]

= Original Message From [EMAIL PROTECTED] =
Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same. The cause 
is that
Netscape isn't properly excluding the content. It is including a zero
length content. This is a recent addition to Netscape and is a bug.
I'll see if I can develop a work around.

In other words, do you mean that I couldn't verify the digital signature of 
those e-mail come from Netscape. I'm developing a Eudora S/MIME plug-in for 
our University.

I've asked my colleague to send me a signed message using Outlook Express. He 
accidentally sent both plain text and HTML format to me. So the message is a 
multipart message, but I could verify the digital signature without any 
problem. By the way, my colleague used a digital certificate generated using 
OpenSSL to sign the e-mail. Did it matter?

Angus Lee

---
Get Your Free Email at http://www.hknetmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Verify signature of a multipart message

[Dr S N Henson]

Angus Lee wrote:
 
 = Original Message From [EMAIL PROTECTED] =
 Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same. The cause
 is that
 Netscape isn't properly excluding the content. It is including a zero
 length content. This is a recent addition to Netscape and is a bug.
 I'll see if I can develop a work around.
 
 In other words, do you mean that I couldn't verify the digital signature of
 those e-mail come from Netscape. I'm developing a Eudora S/MIME plug-in for
 our University.
 
 I've asked my colleague to send me a signed message using Outlook Express. He
 accidentally sent both plain text and HTML format to me. So the message is a
 multipart message, but I could verify the digital signature without any
 problem. By the way, my colleague used a digital certificate generated using
 OpenSSL to sign the e-mail. Did it matter?
 

No it doesn't manner: its a Netscape messenger bug. As I said in my
other message I've added a work around in OpenSSL now anyway and it
verifies your test message (and mine) just fine.

Yes I did mean Netscape 4.73 has the problem also. I'm using PSM and it
also does that.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Make Ends Meet

[scott112]

Subject:  Invest $25 to get $500,000 in every 4 to 5 months!!

 Dear Friend:

  AS  SEEN ON  NATIONAL TV :

  ''Making  over half million dollars every 4  to 5 months 
from your
   home  for an  investment of only $25 U.S. Dollars  expense 
one
   time''
  THANX TO THE COMPUTER AGE AND THE INTERNET !
  ===

  BE A MILLIONAIRE  LIKE OTHERS WITHIN A YEAR !!!

  Before you say ''Bull'' , please read the following. This 
is the
  letter  you have  been  hearing about on the news lately. 
Due to the
  popularity of this letter on the internet, a national  
weekly news
  program recently devoted an entire show to the 
investigation of
  this program described below , to see if it really can make 
people
  money.

  The show also investigated whether or not the program was 
legal.
  Their findings proved once and for all that there are 
''absolutely
  NO.  Laws prohibiting the participation in the program and 
if people
  can  follow the simple instructions, they are bound to make
  some mega bucks with only $25 out of pocket cost''.

   DUE TO THE RECENT INCREASE OF POPULARITY  RESPECT THIS   
  PROGRAM  HAS ATTAINED, IT IS CURRENTLY WORKING BETTER THAN 
EVER.

   This is what one had to say:
   '' Thanks  to  this  profitable opportunity. I was 
approached
many times before but each time I passed on it. I am so 
glad
  I finally  joined just to see what one could expect 
in return
for the minimal effort and money required. To my 
astonishment, I
  received total $ 610,470.00 in  21 weeks, with 
money still
coming in''.
  Pam Hedland,  Fort Lee, New Jersey.

-


Here is another 
testimonial:

  '''This program has been around for a long time but 
I never
 believed in it. But one day when I received this 
again in
 the mail I decided to gamble my $25 on it. I 
followed the
 simple instructions and walaa . 3 weeks 
later the money
 started to come in. First month I only made 
$240.00 but
 the next 2 months after that I made a total of
 $290,000.00.
 So far, in the past 8 months by re-entering the 
program, I
 have made over $710,000.00 and I am playing it 
again.
 The key to success in this program is to follow 
the simple
 steps and NOT  change anything .''
 More testimonials later but first,

  ** PRINT THIS NOW FOR YOUR FUTURE REFERENCE ***

  $$$
   If you would like to make at least $500,000 every  4 
to 5 months
   easily and comfortably, please read the 
following...THEN READ
   IT AGAIN and AGAIN !!!
  $$$

  FOLLOW THE SIMPLE INSTRUCTION BELOW AND YOUR
  FINANCIAL  DREAMS WILL COME TRUE, GUARANTEED !

  INSTRUCTIONS:
   Order all  5  reports  shown on the list below.

  For each report, send $5  CASH, THE NAME  NUMBER OF 
THE
   REPORT YOU ARE ORDERING and  YOUR E-MAIL ADDRESS
   to the person whose name appears ON THAT LIST next to 
the report.
   MAKE SURE YOUR RETURN ADDRESS IS ON YOUR ENVELOPE
   TOP LEFT CORNER in case of any mail problems.

  When you place your order, make sure you order each of 
the 5
   reports.
   You will need all 5 reports so that you can save them 
on your
   computer
   and resell them.  YOUR TOTAL COST $5  X 5 = $25.00.

  Within a few days you will receive, vie e-mail, each of 
the 5
   reports
   from these 5 different individuals. Save them on your 
computer so
   they will be accessible for you to send to the 1,000's 
of people
   who will order them from you. Also make a floppy of 
these reports
   and keep it on your desk in case  something happen to 
your computer.

  IMPORTANT __  DO NOT alter the names of the people who 
are
   listed next to each report, or their sequence on the 
list, in
   any way other than what is instructed below in step '' 
1 through 6 '' or
   you will loose out on majority of your profits. Once 
you understand
   the way this works, you will also see how it does not 
work if you
   change it.
   Remember, this  method has been tested, and if you 
alter, it
   will NOT work!!! People have tried to put their 
friends/relatives names
   on all five thinking they could get all the money. But 
it does not work
   this way. Believe us, we all have tried to be greedy 
and 

converting raw signature to PKCS#7 format

[Vivek Dasgupta]

Hi

I have a  library which signs data on a smart card and returns 128 bytes signature. 
Now the problem is how to convert it into  PKCS#7 so that it can be verified by a 
PKCS#7 compliant verify tool.

Is there any utility which can convert raw signature to a PKCS#7 object.

The platform on which signature is done is Windows NT/95.

Thanks
vivek


___

Free Unlimited Internet Access! Try it now! 
http://www.zdnet.com/downloads/altavista/index.html

___

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

generating a certificate chain in pkcs7 format using OpenSSL?

[Kimberly Palko]

Does anyone know how to generate a certificate chain in pkcs7 form using
OpenSSL?
thanks,
Kim

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]