updated to return values.
I'll have a look at it.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http
forms based on
the type-id OID.
ORAddress: here be dragons!
Anyone unsure of the reason for that comment should have a look
at the definition of ORAddress...
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
snapshot.
Thanks for the report.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
in complying
with PKCS #5?
Frank
The algorithm used is not compliant with PKCS#5 but we're stuck with it
because it's what was used since SSLeay. Full PKCS#5 (v1.5 and v2.0) compliant
functions are available which use PKCS#8.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project
Is this a bug?
Openssl version 0.9.8 cvs from a couple of days ago.
Try using the @section syntax for this extension,
for example:
crlDistributionPoints=@crldp_section
[crldp_section]
URI=ldap://some.server/cn=Test-ZS1,o=x x,c=de?certificateRevocationList
Steve.
--
Dr. Stephen Henson [EMAIL
is a debugging option which will give all
manner of messages why it rejects certain certificates
during the verify process. It is quite normal to have
one or more messages like that when -issuer_checks
is set.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project
referenced, optionally perform the ctrls on
it then call ENGINE_load_private_key returning the
EVP_PKEY structure to the application. This would all
go on under the hood and the application should
largely be able to handle this kind of key in the
same way as an ordinary key.
Steve.
--
Dr. Stephen
? thanks.
That sounds like a certificate hasn't been freed up. Is there
a call to X509_new() as well?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
self-signed CA. I just followed the steps on
Try posting the result of:
cat -vte serial
from wherever the 'serial' file is before and after you get the
error message.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
or it could
be a bug. Why don't you include the contents of files foo.pem and cacert.pem?
You can also try the -issuer_checks option to see why it is rejecting any
candidate CA certificates.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org
is
that the code in ASN1_get_object which had previously been indef'd out had
been disabled due to this bug, ie. the symptom fixed rather than the
cause.
This has already been reported and fixed in the 0.9.6-stable branch but it
is not currently in any release.
Steve.
--
Dr. Stephen Henson
does any conversion inside and this is
always called where it might be needed. Then in the call
to X509V3_add_value_native() we can either just call
X509V3_add_value (on ASCII machines) or do the conversion
(on EBCDIC).
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL
index.txt and serial (AFAIK this was the case for older versions).
The command CA.pl -newca does that. Can you check if a demoCA created with
CA.pl -newca also produces this error?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
to trace problems later: such as bogus verify or signature failures.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project
.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing List
SSL_v3_client_method() call before starting any threads.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http
/openssl-
0.9.6g/crypto'
make: *** [sub_all] Error 1
Is there a crypto.h file somewhere on your system from an earlier version
of OpenSSL that it might be seeing before the internal one?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http
or memory
BIO and pass that to PKCS7_encrypt().
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http
. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
to satisfy a server's
request.
Doesn't OpenSSL do a kind of cheap and nasty certificate verify to
build up the chain, or am I thinking of something else? If it does that
would be a possible work around but I agree that the API should be extended.
Steve.
--
Dr. Stephen Henson [EMAIL
objects? Or,
most likely, I am missing something. =)
The field isn't one of OpenSSL's ASN1 types so it isn't written out or read in
when the structure is encoded/decoded. It's just used as a temporary location to
store a cipher during processing by the S/MIME routines.
Steve.
--
Dr. Stephen Henson
for
compatibility.
This issue crops up frequently so it was added to the FAQ...
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project
it is not. I can manually add strip off the algo
ObjId and Sequence to get at the real PBE Params but this is a pain. Is
there a d2i/i2d that will encode/decode the PBEParams Info Object with the
algo in it?
Yes X509_ALGOR: it's equivalent to AlgorithmIdentifier.
Steve.
--
Dr. Stephen Henson
smartcardlogin extensions to be added and just
about anything else.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http
is, is there any code which depends on the uniqueness of DNs
in the index.txt except of ca.c?
The main problem AFAICS is the TXT db indexing which is only in ca.c
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
On Wed, Oct 02, 2002, Michael Bell wrote:
Dr. Stephen Henson wrote:
I've got some prototype code that allows arbitrary structures to be added to
extensions, from the config file.
It should allow the Win2000 smartcardlogin extensions to be added and just
about anything else.
Where
.
I agree some more options should be added and this behaviour documented.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project
in newer 0.9.7 snapshots. It looks like you
need the PKCS7_BINARY flag.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project
On Tue, Oct 15, 2002, Michael Bell wrote:
Dr. Stephen Henson wrote:
If the PKCS#8 key is in PEM format it can be handled directly without any
conversion.
This is perhaps correct for the OpenSSL-commandlinetools (I don't know
it) but I think mod_ssl is a problem and perhaps other
put in a memory BIO.
Alternatively you can populate the structure manually and
add it using X509_add1_ext_i2d().
Check the x509v3.h header file and v3_cpols.c too.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
?
It might be best handled automagically in the PKCS#8 code: there's already
loads of stuff for broken PKCS#8 formats.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
checked in a fix.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing
not how you call EVP when you want to change parameters. The correct
sequence is:
EVP_CipherInit(ctx, cipher, NULL, NULL, 1);
/* Ctrls such as RC4 key length */
EVP_CipherInit(ctx, NULL, key, iv, 1);
See the manual pages for more info.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED
is that some broken encodings which
are supposed to follow DER still include fields which have the default value.
If OpenSSL always omitted the field then this would result in a different
encoding, which would break signatures.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL
X509_EXTENSION_set_critical(), though the
set_version forms don't currently have this functionality.
I suppose at some point in future an additional template 'interpreter' could
be added to the new ASN1 code to handle field setting to default values
automatically.
Steve.
--
Dr. Stephen Henson
extensions it can create a V2 CRL. Not sure what you mean by a
V3 CRL do you have an example you could post?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL
will create a ticket...
None of the static RSA ciphersuites include RSA in the textual representation.
We should update ciphers manual page for the new AES stuff though.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
ignores certificates in the message, without -nointern it will still look in
those mentioned in -certfile if the signer's certificate can't be found in the
message itself.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing List
if its a
directory.
Then set the store flag X509_V_FLAG_CRL_CHECK.
The s_client utility in 0.9.7 (and some other utilities too) has this
functionality.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
? That is what length
is reported by asn1parse on it. In particular does the certificate encoding
include the trailing \0?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
contents accordingly.
If however you just want to compare against a time_t value X509_cmp_time()
will do the trick.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
the result in
a long.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing List
.
Thanks very much!
Oh, not that it matters but: MSVC6 on Windows 2000. Also using on RedHat Linux, but
not this function.
Agreed, fix being checked in. Thanks for the report.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
and can OpenSSL decrypt 3DES messages from Win98?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http
, in
particular what SMIMECapabilities do you get, if you aren't sure about that
email me a signed message created using that certificate.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
it and see if it can handle that.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
.
One problem is probably that you aren't setting the certificate serial number.
You will get the default of zero which will clash with the CA certificate
serial number. The issuer_name and serial number combination should be unique.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED
in the
field or indeed privately. Examples would be useful to check out any future
OpenSSL support for them.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL
time I looked it had a
couple of OIDs in there and some noticeNumbers but I couldn't find any
descriptions *anywhere* on what the OIDs or numbers meant.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve
On Fri, Jan 24, 2003, Aonzo Emanuele wrote:
Hi,
I'm trying to develop some RSA methods based on Microsoft CryptoAPI.
I need to know if exists some open source code or example for the
implementation of rsa_priv_enc and rsa_priv_dec using the private key on a
smart card.
I've some private
On Fri, Feb 07, 2003, Stephen Henson via RT wrote:
[[EMAIL PROTECTED] - Fri Feb 7 18:39:43 2003]:
Contrary to the documentation EVP_DecryptInit requires the ctx to be
initialized in OpenSSL 0.9.7 (RedHat openssl 0.9.7-3 i686)
This was fixed a couple of weeks back. The fix is in
On Thu, Feb 13, 2003, openssl utilisateur wrote:
hi
i'm trying to make an application that sign and verify in SMime Format
i can sign text file and then verify the signature but
the problem is when i try to sign a binary file (*.doc per example) , i can
sign this file but when i tried to
On Wed, Feb 19, 2003, Eric Cronin wrote:
I am trying to find the analogue of the {i2d,d2i}_{DSA,RSA}PublicKey
functions for ECDSA EC_KEY's. As best I can tell,
i2dECPKParameters+ECPublicKey_get_octet_string and
d2iECPKParameters+ECPublicKey_set_octet_string are the way to do the
On Wed, Feb 19, 2003, Nils Larsch wrote:
I guess the reason for this was to simplify the OpenSSL ASN1 macros/
functions (you can call the corresponding de- encode functions in a
row, without taking care of the pointer).
It was indeed for that purpose. When the old ASN1 code built
On Fri, Mar 07, 2003, Frédéric Giudicelli wrote:
Hi,
I'm planning on developing a fully CMP-support code, should I go ahead or is
there someone already working on it ?
I can't recall anyone mentioning this.
In the case where I should go ahead, shall I use all the available openssl
On Tue, May 27, 2003, josephine suganthi wrote:
Hi,
Is it possible to create a certificate with
enhanced key usage extension using openssl?
What change I have to make on openssl.conf file?
Please help me to create a certificate with this
extension for my test purpose.
Yes it is
On Wed, May 28, 2003, p b wrote:
I had made some test: in fact when I changed the iv, I only changed few
bits, so the uncrypted file seems to be the same. (whatever the value of
iv, only the first block changes). It's ok.
That's expected behaviour for CBC mode.
phbgt In the man, when
On Wed, May 28, 2003, p b wrote:
In the EVP_SealInit() function, the secret key is generated by the random
number generator.
How can I use my own key ?
There's no way to use your own key with that function.
You could however use EVP_CipherInit() and call RSA_public_encrypt() manually
On Thu, May 29, 2003, Fernando Moya wrote:
Hi, I am having problems with GENERAL_NAMES in the following sequence: :
-
DEFINITIONS IMPLICIT TAGS
Seq1 ::= SEQUENCE
{
field1 INTEGER,
field2 Seq2
}
Seq2 ::=
On Fri, May 30, 2003, Steven Reddie wrote:
I think I recall that since GeneralName is a CHOICE that using it with
IMPLICIT tags requires the implicit tag to be declared explicitly to avoid
ambiguity. I'm not an ASN.1 expert but I've come across this problem before
and had to work around it
As should be apparent from the headers, I didn't send that...
irony
Thank you to all the virus scanners which seem to think otherwise.
/irony
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see:
On Tue, Jun 10, 2003, Bryce Howard wrote:
I was afraid I was duplicating something else out there, seems that this is not
so. I will clean up the code a bit this week and submit it with the method that
Geoff suggested.
I have also written a CAPI ENGINE but it had to do various evil things
On Mon, Jun 23, 2003, Claude CONVERT wrote:
Hi all
I try to create a pkcs#12 with several secret bags.
I haven't found any sample which indicates how to do this and especially how
to create a secret bag.
I try the following code, but it doesn't work :
PKCS12_SAFEBAG *safebag;
On Thu, Jun 26, 2003, Fernando Moya wrote:
Hi, I am having problems with CHOICE in the following ASN.1 sequence:
-
DEFINITIONS IMPLICIT TAGS
Sub_seq200 ::= SEQUENCE
{
sub_field1 Sub_seq100 OPTIONAL,
On Thu, Jun 26, 2003, Frank Balluffi wrote:
Fernando,
I think all user-defined tags in a CHOICE (e.g., [0]) are EXPLICIT -- I could be
wrong and don't have time to check right now (it's been a while ...).
So I think you want:
ASN1_EXP(Seq1, value.field2,Sub_seq200, 0)
The default
On Wed, Jul 30, 2003, Bala Pitchandi wrote:
Hello All,
I am a newbie to OpenSSL and I have been trying to separate just the DH
algorithm from the whole package and build it in a different OS (RTEMS, a
POSIX compliant, Linux-like OS) using GCC Cross Compiler.
I have been trying to find
On Thu, Jul 31, 2003, Samuel Meder wrote:
I'm currently working on updating our code to work with 0.9.7 and am
hitting a few snags:
* Handling of critical extensions has changed (no big deal, just needed
to make our code tell openssl to ignore critical extensions)
* I now get a core
On Thu, Jul 31, 2003, Samuel Meder wrote:
On Thu, 2003-07-31 at 15:25, Dr. Stephen Henson wrote:
ProxyCertInfoExtension ::= SEQUENCE {
pCPathLenConstraint ProxyCertPathLengthConstraint
OPTIONAL,
proxyPolicy ProxyPolicy
On Thu, Aug 07, 2003, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Thu, 07 Aug 2003 11:12:59 +0100, Martin Kochanski
[EMAIL PROTECTED] said:
[Toolhelp stuff]
Haven't been following this thread too closely but I've a vague recollection
that ages ago when I did an
On Sun, Aug 31, 2003, Christian Barmala wrote:
Hi Stephen,
thank you for your fast reply.
- Original Message -
From: Dr. Stephen Henson [EMAIL PROTECTED]
Sent: Sunday, August 31, 2003 3:30 PM
When I use Email I get the Error Message: Subject Attribute Email has
no
known
On Sun, Aug 31, 2003, Christian Barmala wrote:
Hi,
I try to create a certificate request with OpenSSL 0.9.7b
openssl req -subj
/C=DE/ST=Nordrheinwestfalen/L=Oberhausen/O=ABCGmbH/OU=Internet/CN=User
/[EMAIL PROTECTED]
or ... /[EMAIL PROTECTED]
This should be correct, because objects.h
On Mon, Sep 15, 2003, Andrew Stickland wrote:
Hi,
I've encountered a problem with openssl rsautl in that I need to use the
sign function and submit the passphrase from another application.
On Unix I could use an 'expect' but even that would be rather dirty and I'm
not on Unix for this
On Tue, Sep 16, 2003, Andrew Stickland wrote:
Steve,
Thanks for the response.
I think that rsautl already uses load_key() so the EVP_PKEY structure should
already be handled.
What's the policy on contributed source code from outside the core group -
I'd be willing to have a stab at
On Fri, Sep 26, 2003, Robin Ehrlich wrote:
I have an application using the OpenSSL S/MIME interface. When I generate an
encrypted message using DES, the DES key generated does not have odd
parity. The key is generated in pk7_doit.c:PKCS7_dataInit by calling
RAND_bytes().
In testing
On Fri, Sep 26, 2003, Robin Ehrlich wrote:
I would like to be able to add some of my own S/MIME signed attributes based
on characteristics of the message.
Could a callback procedure be added to pk7_smime.c:PKCS7_sign() to support
such a feature?
PKCS7_sign() is meant to be a simple PKCS#7
On Fri, Sep 26, 2003, Verdon Walker wrote:
I noticed a small inconsistency in OpenSSL.
According to the OpenSSL documentation, applications that want to
resume sessions should call SSL_CTX_set_session_id_context() to
provide a unique identifier to be stored with their session caches.
On Tue, Oct 07, 2003, Richard Levitte - VMS Whacker wrote:
As has been seen in my last few commits, I got a bit obsessed with
compression. The way it works now, at least in 0.9.8-dev, is
compliant with draft-ietf-tls-compression-05.txt, as far as I can
tell.
Interesting. Is it still
On Wed, Oct 08, 2003, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Tue, 7 Oct 2003 19:16:59 +0200, Dr. Stephen
Henson [EMAIL PROTECTED] said:
steve On Tue, Oct 07, 2003, Richard Levitte - VMS Whacker wrote:
steve
steve As has been seen in my last few commits, I
On Mon, Oct 13, 2003, Frédéric Giudicelli wrote:
Hello,
The following problem is well known, it's about commas in url for
extensions' value.
Here is what a normal LDAP syntax should be:
ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
But since the openssl conf
On Mon, Oct 13, 2003, Frédéric Giudicelli wrote:
Ok, here is the code that I use to add extensions to a to-be-signed
certificate:
bool PKI_CERT::Add_CertExtensions(const HashTable_String * Ext, X509V3_CTX
*ctx, X509 *cert) const
{
X509_EXTENSION *ext;
long i;
const char * name;
On Thu, Oct 23, 2003, Pierre De Boeck wrote:
Hi all,
I just try to recompile my openssl applications with
the 0.9.7c and the PKCS12_decrypt_d2i function no longer
exist.
I can use my own decrypt/d2i function but I would prefer
to use what OpenSSL provides as a replacement, if
On Wed, Nov 12, 2003, Geoffrey Huang wrote:
Hi there,
I'm new to using OpenSSL. I've gathered that the EVP* structures are the
high-level structures that OpenSSL prefers me to use. Specifically, I'm
using the EVP_PKEY structure to store key pairs in an internal database -
it's
On Fri, Nov 14, 2003, Pierre De Boeck wrote:
Hi all,
I have 2 versions of a DER-encoded pkcs7-enveloped-data and I would
like to know which one is correct:
I have attached their printable parsed form and they only differ
in one point, namely at the
On Fri, Nov 14, 2003, Pierre De Boeck wrote:
Ok, I think that PKCS7 accepts both DER and BER.
Yes it does. BER is used for streamed content. Though some profiles may
require DER.
So I suppose that the verImpl.txt is perfectly legal. Right?
They are both legal.
Steve.
--
Dr Stephen N.
On Sat, Nov 15, 2003, David wrote:
These bugs all appear to be mostly cosmetic, but they leave me wondering
what the latest valid expiration date is and whether the generated
certificate is actually valid.
The problems are largely based around the behaviour of the system time
libraries
[EMAIL PROTECTED] wrote:
Currently V3 extension support is almost absent.
We've done almost all of what you're suggesting:
typedef struct x509_extension_method_st
{
int nid;
void (*clear)();
int (*get_bool)(); // used if extn is ASN1_BIT_STRING
int
Something which may be of interest is the behaviour of the (currently)
undocumented -dcert and -dkey options of s_server. This may not have
been mentioned before so better to mention it twice than not at all :-)
What these options do is to allow s_server to use two certificates of
different
Sameer Parekh wrote:
d) The OpenSSL project should not allow US persons to contribute to
the OpenSSL source code.
This would be the easiest way to handle things but it might be regarded
as over cautious.
There are some non crypto areas of OpenSSL where US persons might be
able to
Tom Titchener wrote:
Open SSL Developers -
1) When I copy over or unzip from the cvs hierarchy, the
protections on the crypto/x509v3/old_v3 directory files
always prevent the copy. It's safe to ignore this.
Nothing gets built in this directory anyway.
Yep that's just legacy
Josh MacDonald wrote:
To solve your Makefile problems, I think you should all realize that
the GNU autoconf solution, along with automake and libtool, have
improved dramatically in the last couple of years. With libtool,
your shared library problems are solved completely, with no effort,
Josh MacDonald wrote:
Can you elaborate, specifically, about how the license of the various
programs mentioned prevent their use for the present purpose? You
really must support this claim.
My original comment about license problems referred to Cygnus gcc
library and OpenSSL. Unlike
Chris Zimman wrote:
Starting s_server with:
./ssleay s_server -cert server.pem -CApath ./demoCA -CAfile cacert.pem -verify 1 -www
SSL_accept:before SSL initalisation
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
I'm not clear on a number of points. I think the easiest way to
handle this is to give some of the requirements of the EVP interface
(not all of which work properly at present) and you can see if that fits
in with your proposal.
Here's the first requirement...
The symmetric cipher code must have
OK let me put this another way. You don't need to really understand how
all the ASN.1 stuff works and I certainly wouldn't expect you to write
it, however what is important is that the new scheme allows the ASN.1
stuff to work and it isn't just plain impossible as with the current
system.
The
Alicia da Conceicao wrote:
Greetings:
I am currently developing a number of Java applets for Netscape which
require special permissions to do things like write files, which violate
Netscape's Java security model. To that end, I need to create signed
jar files, using a developer
Richard Levitte - VMS Whacker wrote:
ulf Another difference between 0.8.1 and 0.9.x is that
ulf RSA_padding_add_none in 0.9.x prepends a null byte first.
ulf
ulf If you want that, the code would look like this:
I'd vote for having RSA_NO_PADDING mean what it says...
Yes so would I. A
1 - 100 of 1282 matches