Bonjour Peter Sylvester,
Extensions are ignored in the root.
Without telling what critical extensions you have, it is difficult to help.
I had some extensions set to critical in my Sub CA certificates, i have re
generated all the sub CA certificates and now it works fine. Thats rite that
Forwarding to openssl-users for discussion.
Best regards,
Lutz
- Forwarded message from Pamela Pomary ppom...@ug.edu.gh -
Date: Thu, 10 Jun 2010 18:09:07 - (GMT)
Subject: make: don't know how to make
/usr/local/ssl/fips-1.0/lib/fipscanister.o. Stop
From: Pamela
t I'm having a heck of a time trying to get a renewed cert loaded up into
Tomcast for our CAS system. It keeps saying 'unable to load private key'.
It's worked before but this time we have a renewed cert. Anyone have any ideas?
Hi Jeff,
-Original Message-
From: Jeffrey Walton
Hi Patrick,
I'm afraid I don't get your point.
(1) Wild carding violates the Principle of Least Privilege.
I can't see that any endpoint in the communication gets more privilege than
necessary when I equip my host with a wildcard
On Thu, Jun 10, 2010 at 03:55:40PM -0700, David Schwartz wrote:
Hannes Schuller wrote:
I'm very puzzled here. Why do you sign the reply and then sign a hash
of the signature? You say Message encryption successful, but that's
a signature you're doing, not an encryption.
I was
Forwarded to openssl-users for discussion.
Best regards,
Lutz
- Forwarded message from Marcus Franke m.fra...@cytainment.de -
Date: Fri, 11 Jun 2010 10:21:26 +0200
From: Marcus Franke m.fra...@cytainment.de
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9)
On Thu, Jun 10, 2010, Chris Bare wrote:
I have 2 different certs with the same subject name in a CA dir:
lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 - other.pem
lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 - ssl.pem
when I try to establish an ssl connection:
On Fri, Jun 11, 2010, Lutz Jaenicke wrote:
the intermediate certificates used by VeriSign to sign certificates are
not included in the default ssl packages.
The missing keys can be found at this site:
http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/index.html
On Thu, Jun 10, 2010, Lutz Jaenicke wrote:
i'm installing openssl-0.9.8l on freebsd 8.0. It complains about the
following:
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/store...
making all in crypto/pqueue...
making all in fips...
make: don't know how to
On Thu, Jun 10, 2010, Chris Bare wrote:
I have 2 different certs with the same subject name in a CA dir:
lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 - other.pem
lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 - ssl.pem
when I try to establish an ssl
Recently I got the same problems here. Normally if you have multiple
certificates with the same subject, OpenSSL will pick up the first one. As
Stephen said, OpenSSL will also check AKID/SKID, but only if both of them have
that extension available. Otherwise, it won't. Even the target
I've got blowfish encryption and decryption working, except that after
the input data gets to around 1kB, it crashes when trying to decrypt
the last encrypted output.
here's the code (pardon/ignore the objective-c stuff)...
#define INBUFFERSIZE 1024
#define OUTBUFFERSIZE 1032
static const
It's sigaborting inside EVP_DecryptFinal_ex(). The SIGABRT is
triggered by an assert:
/SourceCache/OpenSSL098/OpenSSL098-32/src/crypto/evp/evp_enc.c(326):
OpenSSL internal error, assertion failed: b = sizeof ctx-final
Chuck
On June 11, 2010 03:18:49 P.M. EDT, charlie u...@juun.com
From: owner-openssl-us...@openssl.org On Behalf Of Jeremy Bennett
Sent: Thursday, 10 June, 2010 23:03
t I'm having a heck of a time trying to get a renewed cert
loaded up into Tomcast for our CAS system. It keeps saying
'unable to load private key'. It's worked before but this
time we
Charlie wrote:
His algorithm has one part that doesn't seem right to me, but changing
it made things even worse. It seems weird that the Final function is
inside the main for loop. It seems like final should mean... final.
(ie: after the looping is done).
It's quite common that fixing one
15 matches
Mail list logo