Re: S/MIME with attachments

2000-12-07 Thread Simon Josefsson

"Hellan,Kim KHE" wrote:

 Is it possible to also include attachments in an S/MIME message created by
 OpenSSL?
 I can only find code to add plain text.

Attachments _are_ plain text, once encoded, so there's no problem.  Just
be sure to include proper MIME headers in the beginning of the file. 
You can create the encoded MIME object with tools such as "mmencode"
(not sure if I remember the name correctly).  Good luck.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



SV: S/MIME with attachments

2000-12-07 Thread Hellan,Kim KHE


 Is it possible to also include attachments in an S/MIME message created by
 OpenSSL?
 I can only find code to add plain text.

Attachments _are_ plain text, once encoded, so there's no problem.  Just
be sure to include proper MIME headers in the beginning of the file. 
You can create the encoded MIME object with tools such as "mmencode"
(not sure if I remember the name correctly).  Good luck.

Thanks...
Yes, you're right that attachments are plain text, as they are base64 encoded.

Does anyone have some source code for such a "MIME object" encoder?
I assume that this "MIME object" file can be supplied as the "-in" parameter
to the OpenSSL S/MIME tool.

TIA
Kim Hellan



Re: SV: S/MIME with attachments

2000-12-07 Thread Simon Josefsson

"Hellan,Kim KHE" wrote:
 
   Is it possible to also include attachments in an S/MIME message created by
   OpenSSL?
   I can only find code to add plain text.
 
  Attachments _are_ plain text, once encoded, so there's no problem.  Just
  be sure to include proper MIME headers in the beginning of the file.
  You can create the encoded MIME object with tools such as "mmencode"
  (not sure if I remember the name correctly).  Good luck.
 
 Thanks...
 Yes you're right that attachments are plain text as they are BASE64 encoded.
 
 Does anyone have some sourcecode for such a "MIME object" encoder?

Try "mmencode" from the Metamail package.  It ships with most Unices;
try google.org or rpmfind.net to locate the source.

 I assume that this "MIME object" file can be supplied as the "-in" parameter
 to the OpenSSL S/MIME tool.

Yup.



SSL client failure during renegotiation with cert request

2000-12-07 Thread Lutz Jaenicke

This message continues the thread about SSL client failure when using
DES-CBC3-SHA and client authentication...

On Wed, Dec 06, 2000 at 02:36:38PM -0800, Jeffrey Ricks wrote:
 Here are the logs I mentioned.  Thanks for offering to look at them. 
 Let me know if you need any more info.

Hi Jeff,

I have looked into the logs you sent and see that there is some new
fact involved that I didn't know before. I actually don't remember
that you mentioned it to the list, and it would have changed the discussion
significantly.
First, let me examine the s_client output from the failing connection:

Here, first an SSL connection is successfully established (without a
client certificate requested):
...
---
No client certificate CA names sent
---
SSL handshake has read 1527 bytes and written 240 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol  : TLSv1
Cipher: DES-CBC3-SHA
...

Then, application data is successfully exchanged and only later the server
invokes a renegotiation with a request for a client certificate:
...
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=MyState/L=MyCity/O=MyCompany/OU=Client Certificate Authority/CN=Test Root (1024RSA) dev
verify return:1
depth=0 /C=US/ST=MyState/L=MyCity/O=MyCompany/OU=Client Certificate Authority/CN=voodoo
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in SSLv3 read server key exchange A
7305:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:s3_both.c:302:

Here the failure occurs. The behaviour shown does match what can be seen from
the ssldump output. After 4.5 seconds the initial handshake is finished and
your application is sending data. After some data has been sent, a
renegotiation is started and excessive data (note the size of the last message)
is being sent from the server:
...
1 6  0.2077 (0.)  C>SV3.1(1)  ChangeCipherSpec
1 7  0.2077 (0.)  C>SV3.1(40)  Handshake
1 8  0.2217 (0.0140)  S>CV3.1(1)  ChangeCipherSpec
1 9  0.2217 (0.)  S>CV3.1(40)  Handshake
1 10 4.5120 (4.2902)  C>SV3.1(80)  application_data
1 11 4.5250 (0.0129)  C>SV3.1(40)  application_data
1 12 4.5250 (0.)  C>SV3.1(40)  application_data
1 13 4.5250 (0.)  C>SV3.1(24)  application_data
1 14 4.5250 (0.)  C>SV3.1(40)  application_data
1 15 4.5250 (0.)  C>SV3.1(56)  application_data
1 16 4.5250 (0.)  C>SV3.1(48)  application_data
1 17 4.5250 (0.)  C>SV3.1(40)  application_data
1 18 4.5257 (0.0007)  S>CV3.1(32)  Handshake
1 19 4.5260 (0.0003)  C>SV3.1(72)  Handshake
1 20 4.5268 (0.0007)  S>CV3.1(96)  Handshake
1 21 4.5298 (0.0030)  S>CV3.1(1408)  Handshake
1 22 4.5300 (0.0001)  S>CV3.1(9920)  Handshake

According to the s_client output, the error is caused in
"SSLv3 read server key exchange A", that would mean in ssl3_get_message()
called at line ssl/s3_clnt.c:851. Here a maximum message size is defined:
    n=ssl3_get_message(s,
        SSL3_ST_CR_KEY_EXCH_A,
        SSL3_ST_CR_KEY_EXCH_B,
        -1,
        1024*8, /* ?? */
        &ok);
As 9920 > 8192, the error condition is triggered.

So by now we know what we are looking for in the next step: is the message
size of 9920 reasonable? In this case the 1024*8 is unreasonable and a
client error. Or is the server in error in sending this large message size?

I must think and read about it, so I hand this analysis to the list;
maybe somebody else can also add his $0.02.

Best regards,
Lutz

-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
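Added example (not part of the original mail): screen an ssldump trace for server handshake records over the client's limit, then apply the same kind of per-message check that ssl3_get_message() does on the 4-byte handshake header. The trace lines are the ones quoted above; the handshake bytes are constructed, and the 8192 limit is the 1024*8 from s3_clnt.c.

```python
"""Screen an ssldump trace for oversized server handshake records, and
check handshake messages against a maximum size the way the client does.
Added example; the trace lines come from the mail, the bytes are constructed."""
import re

SERVER_KEY_EXCHANGE_MAX = 1024 * 8   # the "1024*8 /* ?? */" argument in s3_clnt.c

# ssldump summary lines as quoted in the mail (renegotiation part of the trace).
SSLDUMP_TRACE = """\
1 17 4.5250 (0.)  C>SV3.1(40)  application_data
1 18 4.5257 (0.0007)  S>CV3.1(32)  Handshake
1 19 4.5260 (0.0003)  C>SV3.1(72)  Handshake
1 20 4.5268 (0.0007)  S>CV3.1(96)  Handshake
1 21 4.5298 (0.0030)  S>CV3.1(1408)  Handshake
1 22 4.5300 (0.0001)  S>CV3.1(9920)  Handshake
"""

LINE_RE = re.compile(
    r"^(?P<conn>\d+)\s+(?P<rec>\d+)\s+(?P<t>[\d.]+)\s+\((?P<dt>[\d.]*)\)\s+"
    r"(?P<dir>[CS]>[CS])V(?P<ver>\d\.\d)\((?P<size>\d+)\)\s+(?P<type>\S+)")


def parse_trace(text):
    """One dict per ssldump summary line; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["rec"], d["size"] = int(d["rec"]), int(d["size"])
            records.append(d)
    return records


def oversized_server_handshakes(records, limit=SERVER_KEY_EXCHANGE_MAX):
    """(record no, size) of server-to-client handshake records larger than limit.
    A record may carry several handshake messages, so this is only a screening
    step; the client's real check is per message (see exceeds_max below)."""
    return [(r["rec"], r["size"]) for r in records
            if r["dir"] == "S>C" and r["type"] == "Handshake" and r["size"] > limit]


HANDSHAKE_TYPES = {2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
                   13: "CertificateRequest", 14: "ServerHelloDone"}


def handshake_messages(payload):
    """Walk the handshake messages in a record payload:
    1-byte type, 3-byte big-endian length, body."""
    out, off = [], 0
    while off + 4 <= len(payload):
        mtype = payload[off]
        length = int.from_bytes(payload[off + 1:off + 4], "big")
        out.append((HANDSHAKE_TYPES.get(mtype, str(mtype)), length))
        off += 4 + length
    return out


def exceeds_max(payload, limit=SERVER_KEY_EXCHANGE_MAX):
    """Names of messages whose declared body length is over limit: the
    condition reported above as 'excessive message size'."""
    return [name for name, length in handshake_messages(payload) if length > limit]


def make_handshake(mtype, body_len):
    """Constructed handshake message with a zero-filled body of body_len bytes."""
    return bytes([mtype]) + body_len.to_bytes(3, "big") + bytes(body_len)
```

The two constructed payloads in the test show why the record size alone does not settle Lutz's question: one 9920-byte record holding a single 9916-byte ServerKeyExchange trips the limit, while the same 9920 bytes split over two messages do not.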



ARGH: Help me PLEASE :(

2000-12-07 Thread mjvolders


Hi,

I hope somebody will help me.
For the last two weeks I am trying to write RSA keys to disk.
I want two files, one with the private key and one with the public key (this one
is distributed).
For some unknown reason nothing I have tried will work. I tried to write the
files with and without BIO and FP, I have tried to convert from ASN to DER and
then write to disk. But always something fails: then the write succeeds but the
readback fails, then the write fails and the readback succeeds.

Can anybody please construct a very simple but effective piece of source which
writes an RSA keypair into two files and reads them back in one RSA structure?
I don't care in which way it is done, if only it works.

Thank you very much. I am supposed to have my application done on a deadline
but the way this is going I will never get it done on time.


Thanks,

Thijs.




RE: ARGH: Help me PLEASE :(

2000-12-07 Thread Yuriy Stul

Hi Thijs,
try this:

int nPrivateKeyLength = i2d_RSAPrivateKey(pRSA, NULL);          // Pass NULL: you receive the DER length in bytes.
unsigned char* pcPrivateKey = new unsigned char[nPrivateKeyLength]; // Allocate memory.
unsigned char* p = pcPrivateKey;                                // i2d advances the pointer it is given, so hand it a copy.
i2d_RSAPrivateKey(pRSA, &p);                                    // Store private key into memory; pcPrivateKey still points at the start.

Now you may write pcPrivateKey to the file (fwrite or something else).

Same approach you may use for public key.

Regards,
Yuriy Stul, Tashilon Core Technology Manager

[mailto:[EMAIL PROTECTED]]
[http://www.tashilon.com]




How to add X509V3 extensions..

2000-12-07 Thread chandu



Hi all,

I have one doubt regarding the X509 v3 extensions.
How do I add the X509 v3 extension attributes to the certificate request?

Regards
Suram


Re: ARGH: Help me PLEASE :(

2000-12-07 Thread Dr S N Henson



[EMAIL PROTECTED] wrote:
 
 Hi,
 
 I hope somebody will help me.
 For the last two weeks I am trying to write RSA keys to disk.
 I want two files, one with the private key and one with the public key (this one
 is distributed).
 For some unknown reason nothing I have tried will work. I tried to write the
 files with and without BIO and FP, I have tried to convert from ASN to DER and
 then write to disk. But always something fails: then the write succeeds but the
 readback fails, then the write fails and the readback succeeds.
 

OK if it'll make you happy :-)

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>

int main(void)
{
    RSA *rsa, *rsa_pub, *rsa_priv;
    FILE *in, *out;

    /* Generate RSA key: 1024 bit, public exponent 65537 */
    rsa = RSA_generate_key(1024, 0x10001, NULL, NULL);

    /* Write the public half as PEM ("-----BEGIN RSA PUBLIC KEY-----") */
    out = fopen("pubkey.pem", "w");
    PEM_write_RSAPublicKey(out, rsa);
    fclose(out);

    /* Write the private half unencrypted (cipher NULL, no passphrase) */
    out = fopen("privkey.pem", "w");
    PEM_write_RSAPrivateKey(out, rsa, NULL, NULL, 0, NULL, NULL);
    fclose(out);

    /* Read both files back into fresh RSA structures */
    in = fopen("pubkey.pem", "r");
    rsa_pub = PEM_read_RSAPublicKey(in, NULL, NULL, NULL);
    fclose(in);

    in = fopen("privkey.pem", "r");
    rsa_priv = PEM_read_RSAPrivateKey(in, NULL, NULL, NULL);
    fclose(in);

    printf("Public Key:\n");
    RSA_print_fp(stdout, rsa_pub, 0);

    printf("\n\nPrivate Key:\n");
    RSA_print_fp(stdout, rsa_priv, 0);

    RSA_free(rsa);
    RSA_free(rsa_pub);
    RSA_free(rsa_priv);
    return 0;
}

In practice error checking would be performed after the reads and the
fopen calls but that's been omitted to keep it simple.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




form signing

2000-12-07 Thread Libor Bubik

Hi,
I am writing a utility for HTML form signing for Microsoft IE. I am using
an ActiveX object and the Crypto API library. I am sending the HTML form to an Apache
server.
Can you help me with how I can write an application for verifying the signed form, or
can you send me a web link to some example?

Thanks Libor




Re: SSL client failure during renegotiation with cert request

2000-12-07 Thread Jeffrey Ricks

Lutz,

After working with Eric R. a bit last night to get ssldump to decrypt
my messages, I discovered that with openssl-0.9.6 at both the client
and server, the cipher problem goes away.  Unfortunately, this doesn't
help me because at least for now, I'm stuck using 0.9.4 all around.

The other thing is that I don't know where that 9920 long message is
coming from... none of the tests I'm running have anything returned
that's even close to that size.

If you or anyone else needs any more details on this, please let me
know.

Thanks,

Jeff






Netscape SSL with IMAP problem

2000-12-07 Thread Jason Keltz

Hi..

My department has purchased two certificates from Equifax Secure --
one for our SSL-enabled web server (www.cs.yorku.ca), and the other for
our SSL-enabled IMAP mail server (mail.cs.yorku.ca).

For the web server, we are using Apache 1.3.14 + SSL 1.42.
For IMAP, we are using University of Washington's imap 2000 with SSL.
I have installed OpenSSL 0.9.6.

When I received the e-mail from Equifax with the certificates, I was sent
three pieces:
1) The Equifax Secure E-Business CA-2 certificate
   (C=US, O=Equifax Secure Inc, CN=Equifax Secure E-Business CA-2)
   which is signed by:
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division, CN=Thawte Server
[EMAIL PROTECTED]
2) The mail.cs.yorku.ca certificate
3) The www.cs.yorku.ca certificate

I copied the equifax certificate into /usr/local/ssl/certs.
I got the Thawte public certificate and put it into /usr/local/ssl/certs.
I got the hash values for each of these files with:
openssl x509 -in file -hash
and symlinked the name to <hash value>.0 for each file.

I then concatenated the mail.cs.yorku.ca with the private key that we
generated when we generated our CSR and I did the same thing for WWW.

I was able to "openssl verify" both certificates.  Both were "OK".

If I try to connect to our secure web server with both Netscape and
Internet Explorer, everything works fine.

If I try to connect to our IMAP SSL server with Unix Pine mail reader, I
can see that the appropriate hash files are read, and the session is
encrypted.

If I try to connect to our IMAP SSL server with Outlook Express, Outlook
doesn't show any signs of being connected to an encrypted link, but a
snoop shows that the connection is indeed encrypted.  (I am sort of
surprised that Outlook Express doesn't have a method by which you can view
the certificate chain like in Internet Explorer?)

Finally, if I try to connect to the IMAP SSL server with Netscape
Communicator v4.75 and v6 -- the *SAME* Netscape Communicator that talks
to our SSL enabled web server without complaining -- it suddenly says that it
"does not recognize the authority who signed its Certificate".
If I continue, the session is indeed encrypted, but I specifically
purchased a certificate for the mail server so that the signer would be
trusted, and that message wouldn't come up -- otherwise, I could have just
used a self-signed certificate!  I have spent an entire day trying to
figure out why this happens, and I cannot.  Does anyone have any ideas?

The only fishy thing to me is that in the Netscape signer list, I see:
Equifax Premium CA
Equifax Secure CA
*not* Equifax Secure E-Business CA-2

But Netscape happily accepts the web connection, so it must be using a
fingerprint that is the same as one of the other two because all my other
certificate lists (other than "Signers") are empty.

Any help you could provide would be (very) much appreciated.

Jason Keltz ([EMAIL PROTECTED])
Technical Support
Department of Computer Science
York University
Toronto, Ontario CANADA





Help with Outlook

2000-12-07 Thread SBNelson

I am having troubles getting Outlook to accept my signed e-mail.  When I
send the same e-mail to Netscape on linux, it works fine.  Outlook complains
that the sender does not match the certificate, and it shows the sender as
being blank.  When I look at the message source, I don't see any problems?

If someone wants me to send a signed message, please let me know...

Scott Nelson
Thermeon Corporation - St. Louis
Voice: (314) 316-6010
E-Mail: [EMAIL PROTECTED]




RE: Experiencing error when installing a Verisign certificate!

2000-12-07 Thread Wilt, Paul

Jean-Marc/Others:

I found my problem.  The SSLCACertificateFile was pointing to the *wrong*
*.pem file.  Thanks for all the help.  By the way everyone, thanks for
putting up with me asking questions on this list.  After I sent the
original email I came to realize that I probably should have contacted
the mod_ssl mailing list instead.  You all have shown yourselves to be
very forgiving of my foolishness and I greatly appreciate it!

Paul E Wilt 
Principal Software Engineer

XanEdu, Inc. ( a division of Bell+Howell InformationLearning)
http://www.XanEdu.com
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
300 North Zeeb Rd   Phone: (734) 975-6021  (800)
521-0600 x6021
Ann Arbor, MI 48106 Fax:(734) 973-0737




-Original Message-
From: Wilt, Paul [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06,2000 2:12 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Experiencing error when installing a Verisign certificate!


Jean-Marc:

I hate to be totally stupid but what is the CRL and where are the CA
PEM files supposed to be located?  What does the directory where those
PEM files are located supposed to look like?  Sorry for all the bone-
headed questions but I have not been able to trace this down!

Thanks
Paul E Wilt 
Principal Software Engineer

XanEdu, Inc. ( a division of Bell+Howell InformationLearning)
http://www.XanEdu.com
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
300 North Zeeb Rd   Phone: (734) 975-6021  (800)
521-0600 x6021
Ann Arbor, MI 48106 Fax:(734) 973-0737




-Original Message-
From: Jean-Marc Desperrier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06,2000 1:46 PM
To: [EMAIL PROTECTED]
Subject: Re: Experiencing error when installing a Verisign certificate!


"Wilt, Paul" wrote:

 [04/Dec/2000 12:09:21 5411938] [info]  Init: Initializing OpenSSL library
 [04/Dec/2000 12:09:21 5411938] [info]  Init: Loading certificate & private key of SSL-aware server storefront.xanedu.com:8443

There Apache loads your server certificate and private key.
It works OK: no error.
I can tell there is no password on your private key, or there would be a log line
that says the password has been read from the user.

 [04/Dec/2000 12:09:24 5523600] [error] Init: (storefront.xanedu.com:8443)
 Unable to configure verify locations for client authentication (OpenSSL library error follows)

There Apache tries to load the PEM certificate of the CA that must be used for
user verification in SSLv3.
It doesn't work.
There seems to be a problem with the end of line.

 [04/Dec/2000 12:09:24 5523600] [error] OpenSSL: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:missing asn1 eos

I must say I'm not completely sure if it's the loading of the CA certificates
that fails, or the loading of the CRL that's associated with that CA.

Anyway this should help you to search in the right direction.

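A check for the situation Paul hit (SSLCACertificateFile pointing at the wrong file, or at a PEM file with damaged line endings), as an added example that is not from the thread: it finds every PEM block, base64-decodes it and confirms that the outer DER SEQUENCE length matches the data, the consistency the loader needs before it can find the end of the ASN.1 object. The sample PEM blocks are constructed from a five-byte DER SEQUENCE, not real certificates.

```python
"""Sanity-check a PEM file before pointing a CA-file directive at it.
Added example; sample inputs are constructed, not real certificates."""
import base64
import re

# One PEM block: label must match between BEGIN and END; CRLF tolerated.
BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def der_sequence_length(der: bytes):
    """Total encoded length of the outer DER SEQUENCE, or None if the
    header is not a definite-length SEQUENCE (indefinite length is BER, not DER)."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                       # short form: length in one byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text: str):
    """Return (problems, labels): human-readable findings, and the BEGIN
    labels of the blocks that decoded cleanly and are self-consistent."""
    problems, labels = [], []
    blocks = BLOCK_RE.findall(text)
    if not blocks:
        problems.append("no PEM block found (wrong file, or markers mangled)")
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
            continue
        want = der_sequence_length(der)
        if want is None:
            problems.append(f"{label}: decoded data does not start with a DER SEQUENCE")
        elif want != len(der):
            problems.append(f"{label}: DER says {want} bytes but block holds "
                            f"{len(der)} (truncated or corrupt)")
        else:
            labels.append(label)
    # A BEGIN marker the regex never matched means an END is missing.
    if text.count("-----BEGIN") != len(blocks):
        problems.append("unterminated PEM block: BEGIN without matching END")
    return problems, labels


def wrap_pem(label: str, der: bytes, eol: str = "\n") -> str:
    """Constructed helper: encode der as a PEM block with the given line ending."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return eol.join([f"-----BEGIN {label}-----", *lines,
                     f"-----END {label}-----"]) + eol


# Constructed sample: minimal DER SEQUENCE { INTEGER 5 } standing in for a cert body.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
GOOD_PEM = wrap_pem("CERTIFICATE", SAMPLE_DER)
CRLF_PEM = wrap_pem("CERTIFICATE", SAMPLE_DER, "\r\n")
TRUNCATED_PEM = wrap_pem("CERTIFICATE", SAMPLE_DER[:-1])
```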



Re: Netscape SSL with IMAP problem

2000-12-07 Thread Oscar Jacobsson

Jason Keltz wrote:
 Can someone explain why the server has to pass along the certificates from
 the CAs though?  I don't quite understand.  I'm new to this all.  Isn't it
 up to the server to send out just the certificate, and then up to the
 client to do the checks? 

On one side, it's because the TLS1 spec (haven't got a URL to the SSL3
drafts handy) says so. The self-signed certificate at the top level can
optionally be omitted though, since it will need to be explicitly
trusted (and thus, I presume, known) or the client-side verification
will fail.

On a more practical note, I think it is a very convenient thing to do,
given the fact that there's still, to my knowledge, no standardized way
for a given TLS client to be able to perform path discovery, meaning
that it won't necessarily be able to construct a given chain on its own.

Even were it able to, it would conceivably run into problems anyway due
to the "ship first, ask questions later" approach taken by a great deal
(kind of an understatement) of the PKIs I've come across so far. I can't
actually think of a single one that I've actually managed to verify
without hiccups, however minor, against the path validation algorithms
in either X.509 or RFC 2459. This might very well be a problem with me,
my diligence, or my memory though; in all fairness.

 I mean, isn't it counter-productive -- couldn't
 the server (be it imap or http) somehow send along fake CA certificates
 that make the real certificate look as if it were truly signed when it's
 not?

It would still need to compromise the private key of a certificate that
were trusted by the client in order to create a chain it would be able
to verify.

//oscar



Help: Link and use libraries of OPENSSL in C++ Builder 5

2000-12-07 Thread Zhang Jianyu

I have some problems using "ssleay32.dll" and "libeay32.dll" in BCB5 on the Windows
platform.
I did my job as follows:
1. Used implib.exe of CB to obtain .lib files:
   implib.exe ssleay32.lib ssleay32.dll
   implib.exe libeay32.lib libeay32.dll
2. Added the two .lib files to my CB application project.
3. Included the .h files of OpenSSL in my project.
   When I compiled my project without modifying the .h files, there were some link
   errors like "Unresolved external..". So I added a line in each .h file:
   #define IMPORT __declspec(dllimport) __stdcall
   then added "IMPORT" in the definition of EACH function (that's so tiring!! :(( ):
   EVP_PKEY * IMPORT EVP_PKEY_new(void);
   I built the project again, and this time it was OK.

   I did not know whether the way of modifying .h files was a FORMAL and PROPER way!! :((
   Although it worked, it did not work well. There were link errors I could not overcome when I
   wanted to call another kind of API, like this:
   #define PEM_write_RSAPublicKey(fp,x)   PEM_ASN1_write((int (*)())i2d_RSAPublicKey.
   int IMPORT PEM_ASN1_write_bio(int (*i2d)(),const char *name..
   PEM_write_RSAPublicKey was not a directly defined function.
   Has somebody met the same problem as me?
   Who can tell me a correct way to link and call the APIs of OpenSSL in C++ Builder?
   Thanx!!!
   




[Announce] M2Crypto 0.05p1 and Win32 binaries]

2000-12-07 Thread Ng Pheng Siong

Hello,

M2Crypto 0.05p1 is now available, in source and Win32 binary
packages.

M2Crypto is a Python interface to OpenSSL's ciphers, message 
digests and SSL and S/MIME functionality.

Get it here:

http://www.post1.com/home/ngps/m2


As usual, feedback is welcome.
-- 
Ng Pheng Siong [EMAIL PROTECTED] * http://www.post1.com/home/ngps



Re: Netscape SSL with IMAP problem

2000-12-07 Thread Michael T. Babcock

Jason Keltz wrote:

 Can someone explain why the server has to pass along the certificates from
 the CAs though?  I don't quite understand.  I'm new to this all.  Isn't it
 up to the server to send out just the certificate, and then up to the
 client to do the checks?  I mean, isn't it counter-productive -- couldn't
 the server (be it imap or http) somehow send along fake CA certificates
 that make the real certificate look as if it were truly signed when it's
 not?

I believe I once saw on the Equifax site that they use signing certificates signed
by Thawte -- so it's possible that their certificate is not in the browser but that
the browser can verify the Equifax certificate against the Thawte cert, and then
verify yours against the Equifax cert.

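A model of the chain logic in Oscar's and Michael's replies to Jason, as an added example that is not from the posts: certificates are reduced to (subject, issuer, key_id, signed_with) and a signature "verifies" when signed_with equals the issuer's key_id. The names follow the thread; the key ids, the assumption that Thawte Server CA sits in the client's store next to the two Equifax roots Jason saw, and the impostor case are constructed.

```python
"""Why the server sends its CA chain, and why a bogus CA in that chain does
not help an impostor. Added example with a simplified certificate model;
names follow the thread, keys are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key_id: str        # identifies this cert's public key
    signed_with: str   # key_id of the private key that produced the signature


def build_path(leaf, presented, trust_store, max_depth=8):
    """Walk from leaf towards a trust anchor. Returns (ok, path, reason).
    Issuers are looked up in the trust store first, then among what the
    server presented, so a presented cert can never shadow an anchor."""
    by_subject = {c.subject: c for c in [leaf, *presented]}
    anchors = {c.subject: c for c in trust_store}
    path, cur = [leaf], leaf
    for _ in range(max_depth):
        issuer = anchors.get(cur.issuer) or by_subject.get(cur.issuer)
        if issuer is None:
            return False, path, f"issuer {cur.issuer!r} is unknown to the client"
        if cur.signed_with != issuer.key_id:
            return False, path, (f"signature on {cur.subject!r} does not verify "
                                 f"with {issuer.subject!r}")
        if cur.issuer in anchors:
            path.append(issuer)
            return True, path, "chain ends at a trusted anchor"
        if issuer is cur:
            return False, path, f"{cur.subject!r} is self-signed but not trusted"
        path.append(issuer)
        cur = issuer
    return False, path, "chain too long"


# Constructed PKI mirroring the thread: CA-2 is an intermediate under Thawte.
THAWTE = Cert("Thawte Server CA", "Thawte Server CA", "k-thawte", "k-thawte")
EQUIFAX_SECURE = Cert("Equifax Secure CA", "Equifax Secure CA", "k-eq-sec", "k-eq-sec")
EQUIFAX_PREMIUM = Cert("Equifax Premium CA", "Equifax Premium CA", "k-eq-prem", "k-eq-prem")
CA2 = Cert("Equifax Secure E-Business CA-2", "Thawte Server CA", "k-ca2", "k-thawte")
MAIL = Cert("mail.cs.yorku.ca", "Equifax Secure E-Business CA-2", "k-mail", "k-ca2")
# Client signer list as Jason described it (plus Thawte, an assumption): no CA-2.
BROWSER_STORE = [THAWTE, EQUIFAX_SECURE, EQUIFAX_PREMIUM]


def imap_server_sends_only_leaf():
    """The IMAP case: leaf alone, issuer unknown -> 'does not recognize the authority'."""
    return build_path(MAIL, [MAIL], BROWSER_STORE)


def web_server_sends_chain():
    """The web case per Michael's hypothesis: leaf plus CA-2, verified up to Thawte."""
    return build_path(MAIL, [MAIL, CA2], BROWSER_STORE)


def impostor_with_bogus_ca():
    """Jason's worry, answered by Oscar: a cert named like CA-2 but not signed by
    Thawte's key cannot complete a chain to the Thawte anchor."""
    bogus_ca2 = Cert("Equifax Secure E-Business CA-2", "Thawte Server CA", "k-x", "k-x")
    bogus_leaf = Cert("mail.cs.yorku.ca", "Equifax Secure E-Business CA-2", "k-y", "k-x")
    return build_path(bogus_leaf, [bogus_leaf, bogus_ca2], BROWSER_STORE)


def self_signed_server():
    """The alternative Jason mentions: a self-signed cert, which is never trusted."""
    me = Cert("mail.cs.yorku.ca", "mail.cs.yorku.ca", "k-self", "k-self")
    return build_path(me, [me], BROWSER_STORE)
```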