Re: Certificates
Mark wrote:
>> in OPENSSL_DIR/ssl/misc is a demo script that does something like a very small and dumb CA...
>
> I don't seem to have this directory.

Replace OPENSSL_DIR with the installation path of your openssl version...

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
Re: Certificates
Mark wrote:
>> You point at it in the context before the handshake. You can either point at a dir full of digest named ones or a specific root cert file.
>
> Strangely I tried the former which did not work. The latter method appears to work fine (it connected and exchanged data anyway).

Did you do a c_rehash ca_directory, with ca_directory being the path to the directory with the CA file(s)?

Naturally you have to set the directory in openssl with the -CApath command line option and the SSL_CTX_load_verify_locations(ctx, NULL, CApath) function call...

Bye

Goetz
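The hashed-directory lookup behind -CApath and c_rehash, as an added example that is not part of the original thread. It builds a throwaway root and server certificate (constructed names and paths) and creates by hand the `<subject-hash>.0` link that c_rehash would create; it assumes the `openssl` command line tool with its stock configuration file is installed.

```shell
#!/bin/sh
# Added example with constructed data: a CApath directory is searched by
# subject-hash file name, so a CA file without its hash link is never found.
capath_demo() {
    work=$(mktemp -d) || return 1
    ca_dir="$work/ca_directory"   # placeholder name taken from the reply
    mkdir "$ca_dir" || return 1

    # Throwaway root CA (constructed), saved under an arbitrary file name.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root" \
        -keyout "$work/root.key" -out "$ca_dir/demo-root.pem" 2>/dev/null || return 1

    # Server certificate issued by that root.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=host1.domain1" \
        -keyout "$work/srv.key" -out "$work/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$work/srv.csr" -days 1 -set_serial 1 \
        -CA "$ca_dir/demo-root.pem" -CAkey "$work/root.key" \
        -out "$work/srv.pem" 2>/dev/null || return 1

    # 1) CA file present but no hash-named link: the issuer lookup fails.
    if openssl verify -CApath "$ca_dir" "$work/srv.pem" >/dev/null 2>&1
    then before=ok; else before=fail; fi

    # 2) Create what c_rehash creates: <subject-hash>.0 pointing at the CA file.
    hash=$(openssl x509 -noout -hash -in "$ca_dir/demo-root.pem") || return 1
    ln -s demo-root.pem "$ca_dir/$hash.0" || return 1
    if openssl verify -CApath "$ca_dir" "$work/srv.pem" >/dev/null 2>&1
    then after=ok; else after=fail; fi

    rm -rf "$work"
    echo "before=$before after=$after"
}

capath_demo   # prints: before=fail after=ok
```

The same directory is what SSL_CTX_load_verify_locations(ctx, NULL, CApath) searches, so a missing hash link shows up there as an unknown-issuer verification failure.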
Re: Openssl and Multi-Sites Certificats SSL
Farid Izem wrote:
> Hi Goetz,

Hello Farid,

> What do you mean by subjectAltName=DNS:host1.domain1,DNS:host2.domain2,... ??
> I have to change the openssl.cnf ?
> Can you please be more explicit ?

Let's try:

To tell your client(s) that this server certificate is good for more than one host name, you can either set multiple common names in the DN containing the host names you want (old style),

Or set multiple subjectAltName extensions (new (PKIX) style)

To insert one or more subjectAltName extensions you modify the openssl.cnf to contain them with the

subjectAltName=DNS:host1.domain1,DNS:host2.domain2,...

line in the section containing the extensions.

But this doesn't work with stone age (broken) browsers.

> On 11/23/05, *Goetz Babin-Ebell* [EMAIL PROTECTED] wrote:
>> Farid Izem wrote:
>>> I'd like to generate a Self Signed SSL Certificate which will serve for multi hosted sites on the same server.
>>
>> subjectAltName=DNS:host1.domain1 ,DNS:host2.domain2,...

Bye

Goetz
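The subjectAltName line in context, as an added example that is not part of the original thread. The configuration file name `multi.cnf` and the section names `dn` and `v3_multi` are assumptions made for this sketch (a stock openssl.cnf uses its own section names); the host names are the placeholders from the reply.

```shell
#!/bin/sh
# Added example with constructed data: self-signed certificate valid for
# several host names through the subjectAltName extension.
san_demo() {
    work=$(mktemp -d) || return 1

    # Minimal request configuration; x509_extensions names the section
    # that holds the extensions copied into the self-signed certificate.
    cat > "$work/multi.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_multi
prompt             = no

[ dn ]
CN = host1.domain1

[ v3_multi ]
subjectAltName = DNS:host1.domain1,DNS:host2.domain2
EOF

    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$work/multi.cnf" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null || return 1

    # Confirm which DNS names actually ended up in the certificate.
    openssl x509 -in "$work/cert.pem" -noout -text |
        grep -o 'DNS:[^, ]*' | paste -s -d ' ' -

    rm -rf "$work"
}

san_demo   # prints: DNS:host1.domain1 DNS:host2.domain2
```

Inspecting the issued certificate this way catches the common mistake of putting the line in a section the request never references, in which case the certificate is issued without any alternative names.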
Re: question about data transfer
Thank you for your advice. Now I've decided to write a new application instead of using an existing protocol. But I'm a freshman here, so not very clear with what I should do first. Would you please give me some advice about this? Thank you very much!

Sun yingming

> From: Bear Giles [EMAIL PROTECTED]
> Reply-To: openssl-users@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: question about data transfer
> Date: Mon, 21 Nov 2005 21:28:01 -0700
>
> When you say "data stream", how much data are you talking about?
>
> If it's occasional data (e.g., updated every 5 minutes) it would probably be easiest to use a HTTPS client using a "post" form. That lets you use a standard web server on the other end. One less thing to worry about.
>
> Another possibility is secured email, SMTP + TLS. If you have a relatively smart sensor (e.g., an embedded Linux system) you could write a straightforward mail client that sends mail to the local mail server (on localhost). You can then let sendmail/postfix/exim/whatever forward the mail to your system with a secure connection. Again, one less thing to worry about.
>
> If it's close to continuous you should probably establish your own network connection instead of trying to piggyback on an existing service.
>
> In any case you need to think about how you will handle network connectivity problems... and you will have dropped connections, high latency, etc. Can you drop the data on the floor? If not you'll need to have an accurately timestamped data queue. That's not hard to do (hint: NTP), but it will drive the design.
>
> Bear
>
> sun yingming wrote:
>> I am trying to use ssl to secure a persistent data stream which is read from some sensors outside, and transfer it to a fixed pc on the internet. The most common use of ssl is Https, but I am confused: can https realize this application? I mean, as I know, Https always works in Browser/Server mode. Is it realizable to use Https to transfer a persistent data stream, or should I choose another protocol like ftp?
>>
>> anyone who can help me is thankful
>>
>> Sun Yingming
>
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
Re: question about data transfer
> Now I've decided to write a new application instead of using an existing protocol. But I'm a freshman here, so not very clear with what I should do first. Would you please give me some advice about this?

If you don't know what you are doing, re-use an existing protocol. If you insist on writing your own, make sure you understand RFC 3117.

/r$

--
SOA Appliance Group
IBM Application Integration Middleware
installation problem on openssl 0.9.8a to solaris 10 x86 intel under virtual pc
Hi team,

I encountered the following error when I installed openssl 0.9.8a on a solaris 10 intel box under virtual pc.

./Configure solaris-x86-gcc
make
--
. . .
gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c randfile.c
In file included from /usr/include/sys/wait.h:24,
                 from /usr/include/stdlib.h:22,
                 from randfile.c:64:
/usr/include/sys/siginfo.h:259: error: parse error before "ctid_t"
/usr/include/sys/siginfo.h:292: error: parse error before '}' token
/usr/include/sys/siginfo.h:294: error: parse error before '}' token
In file included from /usr/include/sys/procset.h:24,
                 from /usr/include/sys/wait.h:25,
                 from /usr/include/stdlib.h:22,
                 from randfile.c:64:
/usr/include/sys/signal.h:85: error: parse error before "siginfo_t"
In file included from /usr/include/stdlib.h:22,
                 from randfile.c:64:
/usr/include/sys/wait.h:86: error: parse error before "siginfo_t"
*** Error code 1
make: Fatal error: Command failed for target `randfile.o'
Current working directory /home/kiyoshi/tmp/openssl-0.9.8a/crypto/rand
*** Error code 1
The following command caused the error:
target=all; [ -n "objects md2 md4 md5 sha hmac ripemd des aes rc2 rc4 idea bf cast bn ec rsa dsa ecdsa dh ecdh dso engine buffer bio stack lhash rand err evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 store pqueue" ] for i in objects md2 md4 md5 sha hmac ripemd des aes rc2 rc4 idea bf cast bn ec rsa dsa ecdsa dh ecdh dso engine buffer bio stack lhash rand err evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 store pqueue ; do (cd $i echo "making $target in crypto/$i..." make -e TOP=../.. DIR=$i INCLUDES='-I.. -I../.. -I../../include' $target ) || exit 1; done;
make: Fatal error: Command failed for target `subdirs'
Current working directory /home/kiyoshi/tmp/openssl-0.9.8a/crypto
*** Error code 1
The following command caused the error:
dir=crypto; target=all; if [ -d "$dir" ]; then ( cd $dir echo "making $target in $dir..." TOP= unset TOP ${LIB+LIB} ${LIBS+LIBS} ${INCLUDE+INCLUDE} ${INCLUDES+INCLUDES} ${DIR+DIR} ${DIRS+DIRS} ${SRC+SRC} ${LIBSRC+LIBSRC} ${LIBOBJ+LIBOBJ} ${ALL+ALL} ${EXHEADER+EXHEADER} ${HEADER+HEADER} ${GENERAL+GENERAL} ${CFLAGS+CFLAGS} ${ASFLAGS+ASFLAGS} ${AFLAGS+AFLAGS} ${LDCMD+LDCMD} ${LDFLAGS+LDFLAGS} ${SHAREDCMD+SHAREDCMD} ${SHAREDFLAGS+SHAREDFLAGS} ${SHARED_LIB+SHARED_LIB} ${LIBEXTRAS+LIBEXTRAS} make -e PLATFORM='solaris-x86-gcc' PROCESSOR='' CC='gcc' CFLAG='-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM' AS='gcc' ASFLAG='-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c' AR='ar r' PERL='/bin/perl' RANLIB='/usr/ccs/bin/ranlib' SDIRS='objects md2 md4 md5 sha hmac ripemd des aes rc2 rc4 idea bf cast bn ec rsa dsa ecdsa dh ecdh dso engine buffer bio stack lhash rand err evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 store pqueue' LIBRPATH='/usr/local/ssl/lib' INSTALL_PREFIX='' INSTALLTOP='/usr/local/ssl' OPENSSLDIR='/usr/local/ssl' MAKEDEPEND='$${TOP}/util/domd $${TOP} -MD gcc' DEPFLAG='-DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5' MAKEDEPPROG='gcc' SHARED_LDFLAGS='-shared' KRB5_INCLUDES='' LIBKRB5='' EXE_EXT='' SHARED_LIBS='' SHLIB_EXT='.so.0.9.8' SHLIB_TARGET='solaris-shared' PEX_LIBS='' EX_LIBS='-lsocket -lnsl -ldl' CPUID_OBJ='x86cpuid-elf.o' BN_ASM='bn86-elf.o co86-elf.o' DES_ENC='dx86-elf.o yx86-elf.o' AES_ASM_OBJ='ax86-elf.o' BF_ENC='bx86-elf.o' CAST_ENC='cx86-elf.o' RC4_ENC='rx86-elf.o' RC5_ENC='r586-elf.o' SHA1_ASM_OBJ='sx86-elf.o s512sse2-elf.o' MD5_ASM_OBJ='mx86-elf.o' RMD160_ASM_OBJ='rm86-elf.o' THIS=${THIS:-build_crypto} MAKEFILE=Makefile MAKEOVERRIDES= TOP=.. DIR=$dir $target ) || exit 1; fi
make: Fatal error: Command failed for target `build_crypto'
--

I would very much appreciate it if you could give me any workaround.

+Kiyoshi

Kiyoshi Watanabe