help
Dear Sir or Madam,
How to make PKCS7 certificate from certificate request?
Thanks
Hao Shi
2002-03-29
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
$ENV{HTTPS_CA_FILE} what is this value ?
Hi,
What should these variable values $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} be? I don't know what to pass to these variables. Can you please advise me on this? I have the Cert.pfx file. How do I make the HTTPS_CA_file etc.? Please suggest me on this.
Thanks in advance.
Regards,
SSL_CTX_use_PrivateKey_file()
Hi,
Can somebody help me out? When I use the SSL_CTX_use_PrivateKey_file() function in my client and server program, both the server and client program ask on the command prompt to "Enter PEM pass phrase:". I don't want the user to enter the pass phrase; how to avoid this situation? Is there any way?
biswaksen
Re: help
Hello Hao,
Friday, March 29, 2002, 10:29:23 AM, you wrote:
HS> Dear Sir or Madam,
HS> How to make PKCS7 certificate from certificate request?
HS> Thanks
openssl pkcs7 -inform PEM -in urcert.crt -out urcert.p7b
--
Best regards,
Yours, Gary Chen
OICQ: 239696
ICQ UIN: 8444147
E-Mail: [EMAIL PROTECTED]
Homepage: http://www.ipsprite.com
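Added example, not part of the original thread: the path from a certificate request to a PKCS#7 (.p7b) bundle on the openssl command line. The request is signed by a CA first, `crl2pkcs7 -nocrl` wraps the resulting certificate and its issuer, and `pkcs7 -print_certs` reads the bundle back. The CA, subject names and file names are constructed for the demonstration.

```shell
# Added example: CSR -> signed certificate -> certs-only PKCS#7 bundle.
# Prints the number of certificates found in the finished bundle.
csr_to_p7b() {
    d=$(mktemp -d) || return 1

    # Throwaway self-signed CA standing in for whoever signs the request.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1

    # The certificate request: a subject and a public key, not yet a certificate.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=user.example" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null || return 1

    # The CA signs the request, which produces the actual certificate.
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null || return 1

    # Wrap the certificate and its issuer in a PKCS#7 structure without a CRL.
    openssl crl2pkcs7 -nocrl -certfile "$d/user.pem" -certfile "$d/ca.pem" \
        -out "$d/user.p7b" || return 1

    # Read the bundle back; each contained certificate prints a subject line.
    n=$(openssl pkcs7 -in "$d/user.p7b" -print_certs -noout | grep -c '^subject')
    rm -rf "$d"
    echo "$n"
}

csr_to_p7b
```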
Re: Doubt regarding Certificate's Public Key
From: Chandu [EMAIL PROTECTED]
suram> I accept with you. In the case of an OCSP Responder, this is possible.
suram>
suram> But can we imagine of a case where the end-entity (i.e., a user) gets two
suram> certificates from two different CA's for the same Public Key??
suram>
suram> I would like to know what uses it may have
If the end user creates his or her own key, it's completely up to him or her, isn't it? I personally see no real harm if the end user knows how to properly handle this, as in take care of his or her key.
--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA   \ T: +46-8-26 52 47
                  \ SWEDEN            \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
SSL_CTX_use_PrivateKey_file()
Hi,
Can somebody help me out? When I use the SSL_CTX_use_PrivateKey_file() function in my client and server program, both the server and client program ask on the command prompt to "Enter PEM pass phrase:". I don't want the user to enter the pass phrase; how to avoid this situation? Is there any way to set the pass phrase from the program only?
biswaksen
RE: Adding SSL to an existing protocol
If you email me directly I will send you a copy of the Word doc in RTF format.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of IEEE Consulting
Sent: Thursday, March 28, 2002 9:17 AM
To: [EMAIL PROTECTED]
Subject: RE: Adding SSL to an existing protocol
Yes, please share your work - Thanks!
IEEE Consulting
Chuck Roberts [EMAIL PROTECTED] wrote:
Openssl has a S_Client mode where it will use SSL for any TCP connection. I am looking into using it this way, to connect a Win98 machine to mysql (which supports SSL) via the internet. But I'm not sure how to set it up exactly.
Chuck
p.s. I could send you a Word doc that summarizes my research into this area if you want. It is Word 2000, about 5 pages.
RE: Configure and using SSL!!
I use PacketMon from www.analogx.com (it's free) for sniffing. I look at ports 1481 for data going to mysql.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vinson Armstead - PA
Sent: Thursday, March 28, 2002 10:28 AM
To: 'Zamangoer, Ferruh '
Cc: '[EMAIL PROTECTED] '; ''[EMAIL PROTECTED]' '
Subject: RE: Configure and using SSL!!
Using a sniffer or analyzer should help you see the data between the SSL client and server.
-----Original Message-----
From: Zamangoer, Ferruh
To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
Sent: 3/28/2002 10:18 AM
Subject: Configure and using SSL!!
Hi all,
I want to use OpenSSL and want to know if anybody can help me by understanding the using of SSL. First I have installed OpenSSL and then OpenLDAP. I have found a great How to install OpenSSL at www.bayour.com. I have followed the steps building and installing the OpenSSL. Then I create my certificates. But how can I see if my connection over the network is secured and if the data is encrypted??? Can anybody give me some tips or some links?
Thanks in advance
regards
Ferruh
Re: How do I get the Common Name and DNS Name?
Daryl,
Just wanted to say thanks for your help. It's helped a lot.
Thanks
Shane Titus
----- Original Message -----
From: Daryl Odnert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 28, 2002 6:05 PM
Subject: RE: How do I get the Common Name and DNS Name?
Also, note that you should check for the 'type' field of the GENERAL_NAME structure equal to GEN_DNS instead of GEN_EMAIL.
Daryl
Limiting key size
Hi folks,
How can one limit and enforce the key size that can be generated and used by openSSL and related utilities? The enforcement has to happen on multiple levels:
1. At generation.
2. Loading keys into the context.
I am presuming that the ciphers can be limited to a lower or higher strength by using the cipher call in openSSL.
Thanks
Baber :)
Re: I'm writing a book...
and perhaps you can share those 15 pages with the OpenSSL community
after being on this list for a while, it seems that some straight forward references would be useful for a lot of newbies.
That would be great.
Billy-
Mike Schiffman wrote:
Hi. I'm writing a book on open source network security tools and I'm covering a portion of OpenSSL and I have a few questions for those of you who are seasoned OpenSSL users / developers. I'll ask them in order of stupidity... ;)
1) The evp(3) interface (all of the EVP_ functions) refers to an Envelope interface, right?
2) The _ex functions (such as EVP_CipherInit_ex(), EVP_DigestInit_ex(), etc) appear to offer Engine arguments where applicable. Is this the only tangible benefit? Is there any reason as an application programmer using the default software engine to use these _ex functions as opposed to the regular counterparts (which call the _ex functions internally)? What is the _ex supposed to canonically refer to?
3) I will have this short 15 page chapter completed in a few days and I would love to get someone from the OpenSSL project to give the once over from a technical perspective (it shouldn't take more than an hour of work for someone handy with the library). The chapter consists of an overview of a few of the finer points of the library and some very short sample code that needs another set of eyes. I can't offer any cash as my publisher has not given me a budget for this, but I can get books for the reviewer! If anyone has any remote interest in helping me out, getting your name in my up and coming book, and getting some free books (technical or otherwise) from the world's largest book publisher, Wiley and Sons, please let me know ASAP!
--
Mike Schiffman, CISSP
Director of Security Architecture
@stake, Inc
565 Commercial Street
San Francisco, CA 94111
415.572.6014
Re: certificate verification and Sub CAs
Of all the gin joints in all the towns in all the world, Shaw, George had to walk into mine and say:
> It sounds to me like he does trust the root CA, he just wants to deny access
> to certain Sub CAs.
Correct. Specifically, everyone else :-)
> I think you would need to program this into your verify callback function.
> The man pages are pretty clear on how to do this.
Which I had already done; I was just hoping there was a better way, like (for example) setting trust parameters on the sub-ca certificate.
--
Harald Koch [EMAIL PROTECTED]
It takes a child to raze a village. -Michael T. Fry
linking problems - s_client on Win2K using MSVC++ 6
Hi,
I am trying to run s_client in a separate workspace with all the needed source files but am getting the following link errors:
s_client.obj : error LNK2001: unresolved external symbol _BIO_free
s_client.obj : error LNK2001: unresolved external symbol _CRYPTO_free
s_client.obj : error LNK2001: unresolved external symbol _SSL_CTX_free
s_client.obj : error LNK2001: unresolved external symbol _SSL_free
and the list goes on. Is there a specific library other than ssleay32.dll that I need to include?
SSL_get_verify_result(ssl)
Hi,
I have written a client/server code using openssl. When I am verifying the server certificate on the client side and also the client certificate on the server side, the verification fails. On the client side, SSL_get_verify_result(ssl) returns code 18, which is:
18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
I have the server certificate on the client side and I am using this function in my client code:
    if (SSL_CTX_load_verify_locations(ctx, CERTF, HOME) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(3);
    }
where CERTF is the server certificate and HOME is the certificate path. I have used the verify command to check the server certificate which the server is sending to the client and the certificate the client is having on its side. This command gives OK. Then I don't know where the problem is. Please tell me why it fails.
biswaksen
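Added example, not part of the original post: how one self-signed certificate moves between error 18 and OK depending on the trust store, shown with `openssl verify`. `-CAfile` and `-CApath` correspond to the second and third arguments of SSL_CTX_load_verify_locations(); a CApath directory is searched by subject-hash file name (`<hash>.0`), not by arbitrary file names. The certificate, subject and paths are constructed for the demonstration.

```shell
# Added example: the same self-signed certificate under four trust setups.
# verify_code prints 18 for X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, 0 for OK.
verify_code() {
    out=$(openssl verify "$@" 2>&1) || true
    case "$out" in
        *"error 18 at 0 depth"*) echo 18 ;;
        *": OK"*)                echo 0 ;;
        *)                       echo other ;;
    esac
}

selfsigned_trust_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/plain" "$d/hashed"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=server.test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1

    # 1. No trust anchor supplied for this certificate.
    a=$(verify_code "$d/cert.pem")

    # 2. The certificate itself loaded as the CA file.
    b=$(verify_code -CAfile "$d/cert.pem" "$d/cert.pem")

    # 3. CA directory holding the certificate under an arbitrary file name.
    cp "$d/cert.pem" "$d/plain/server.pem"
    c=$(verify_code -CApath "$d/plain" "$d/cert.pem")

    # 4. CA directory holding it under <subject-hash>.0, the name the lookup uses.
    h=$(openssl x509 -noout -hash -in "$d/cert.pem")
    cp "$d/cert.pem" "$d/hashed/$h.0"
    e=$(verify_code -CApath "$d/hashed" "$d/cert.pem")

    rm -rf "$d"
    echo "$a $b $c $e"
}

selfsigned_trust_demo
```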
ERR: /usr/ucb/cc: language optional software package not installed
In the Bourne shell I've run the sh config no-idea no-threads -fPIC command and get this error when executing the make... this is being installed on a Sun Solaris platform... the following is a copy of messages typed in the command window... the compiler is the standard Sun C compiler... any suggestions?
$ sh config \
  no-idea \
  no-threads \
  -fPIC
Operating system: sun4u-whatever-solaris2
Configuring for solaris-sparcv9-cc
Configuring for solaris-sparcv9-cc
IsWindows=0
CC=cc
CFLAG =-KPIC -DDSO_DLFCN -DHAVE_DLFCN_H -DNO_IDEA -fPIC -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM
EX_LIBS =-lsocket -lnsl -ldl
BN_ASM=asm/sparcv8plus.o
DES_ENC =des_enc.o fcrypt_b.o
BF_ENC=bf_enc.o
CAST_ENC =c_enc.o
RC4_ENC =rc4_enc.o
RC5_ENC =rc5_enc.o
MD5_OBJ_ASM =asm/md5-sparcv8plus.o
SHA1_OBJ_ASM =
RMD160_OBJ_ASM=
PROCESSOR =
RANLIB=/usr/ccs/bin/ranlib
PERL =/usr/bin/perl
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4 uses uchar
RC4_CHUNK is unsigned long long
BF_PTR used