Re: Generating Certificates - Maximum Days Value
Richardson, Robert H wrote: Greetings, I have been trying to find documentation on the maximum value that the days argument will accept for an SSL generated certificate. We will be using an integration engine product (Cloverleaf) to post X12 Eligibility requests via HTTPS to a trading partner using SSL. My interest is in minimizing the maintenance that is required in maintaining expiring certificates for our engine. Thanks for any response. Bob Richardson Allina Hospitals and Clinics Minneapolis, MN Have you tried to generate a certificate which has an expiry date a hundred years in the future? I have not checked it, but since I have seen CA certificates which expire 2032 and I guess OpenSSL handles the days argument as a long integer value (even unsigned short int would suffice for this example), I'd assume that setting it to 42000 (a bit more than 30 years) would be worth the 10 minutes it needs to try it, especially if you are thinking in such periods Of course there may be bugs in client implementations, which may prevent the usage of such expiry dates, but I know of none. And just in case you run into serious problems please don't forget to post them here... ;) Hope it helps, Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 smime.p7s Description: S/MIME Cryptographic Signature
Re: Decryption fails
Kaushalye Kapuruge wrote: Hi, Im trying to encrypt/decrypt a string using openssl. The program works fine for encryption but fails(not always) for decryption. This happens in EVP_CipherFinal_ex() call. I'm a bit confused with this random behavior. I've attached the code. Can anybody point me out what I'm doing wrong here? Thanks, Kaushalye (...) /* Bogus key and IV: we'd normally set these from * another source. */ unsigned char key[] = 0123456789; unsigned char iv[] = 12345671; As pointed out in another thread, key and IV should both have the correct size for the intended algorithm. Thus, key and/or IV read by EVP_CipherInit_ex may well be quite undetermined, which is a good reason for a random result. You probably should use some PKSC#5 procedure, or at least something like EVP_BytesToKey() to derive a good Key/IV pair from a passphrase/salt pair. Anyway, I'm not sure it's a good idea to force the key length using EVP_CIPHER_CTX_set_key_length(). Here, i'd rather let someone else give the correct answer. -- alea+ Luc begin:vcard fn:Luc Perthuis n:Perthuis;Luc org:Atempo S.A.;Engineering adr:;;PIBS;VANNES;;56000;FRANCE email;internet:[EMAIL PROTECTED] title:Core Technologies Group Manager tel;work:02 97 68 40 26 tel;fax:02 97 68 40 25 tel;cell:06 89 16 96 37 note;quoted-printable:Enabling Information Lifecycle Strategies=0D=0A= x-mozilla-html:TRUE url:http://www.atempo.com version:2.1 end:vcard
Re: Generating Certificates - Maximum Days Value
Hi Bob, I have been trying to find documentation on the maximum value that the days argument will accept for an SSL generated certificate. The *days* argument in openssl will work fine upto a Maximum value of *11499* in positive values. If the days specified is beyond the value 11499, the parameter Not After date internally goes in negative. Thus on Certificate Verification, the certificate is considered as *Expired* Thanks, ViSolve Security Consulting group www.visolve.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
policyMappings
Hi, I want to make a corss certificate supporting policyMappings with openssl.i am trying to modify openssl.cnf. but i don't know the exact format and can't find any datums. Thanks, laura __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Generating Certificates - Maximum Days Value
On 26/07/06, Bernhard Froehlich [EMAIL PROTECTED] wrote: Richardson, Robert H wrote: Greetings, I have been trying to find documentation on the maximum value that the days argument will accept for an SSL generated certificate. I have not checked it, but since I have seen CA certificates which expire 2032 and I guess OpenSSL handles the days argument as a long integer value (even unsigned short int would suffice for this example), I'd assume that setting it to 42000 (a bit more than 30 years) would be worth the 10 minutes it needs to try it, especially if you are thinking in such periods Of course there may be bugs in client implementations, which may prevent the usage of such expiry dates, but I know of none. And just in case you run into serious problems please don't forget to post them here... ;) I couldn't get it to set from within the conf file. It defaults to 30 unless set from the command line. regards -- Dave Pawson XSLT XSL-FO FAQ. http://www.dpawson.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Generating Certificates - Maximum Days Value
Dave Pawson wrote: [...] I couldn't get it to set from within the conf file. It defaults to 30 unless set from the command line. The relevant entries of my openssl.cnf: [ ca ] default_ca = CA_default# The default ca section [ CA_default ] default_days= 365 # how long to certify for If you are working with command line the parameter to openssl ca is -days (see http://www.openssl.org/docs/apps/ca.html). I guess you have already read the mail of ViSolve Security Consulting group? It sounds like they have tried and found a (de facto) maximum, though I'd consider that as a bug of openssl... regards Hope it helps Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 smime.p7s Description: S/MIME Cryptographic Signature
Re: Decryption fails
Hello, Im trying to encrypt/decrypt a string using openssl. The program works fine for encryption but fails(not always) for decryption. This happens in EVP_CipherFinal_ex() call. I'm a bit confused with this random behavior. I've attached the code. Can anybody point me out what I'm doing wrong here? unsigned char key[] = 0123456789; unsigned char iv[] = 12345671; EVP_CIPHER_CTX_init(ctx); /*EVP_CipherInit_ex(ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);*/ /*EVP_CipherInit_ex(ctx, EVP_rc2_cbc(), NULL, NULL, NULL, do_encrypt);*/ /*EVP_CipherInit_ex(ctx, EVP_des_ede3_cbc(), NULL, NULL, NULL, do_encrypt);*/ EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); EVP_CIPHER_CTX_set_key_length(ctx, 10); EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); Key and initialization vector for block ciphers (AES,DES in CBC mode) should be fixed size: aes128: key: 16, iv: 16 3des: key: 24, iv: 8 If you provide small buffers, some data from the end of buffer will be used and depending on this random data you may have decryption success or error. For EVP_CIPHER_CTX_set_key_length() to work, cipher must have ability to set variable key length. Check error code when using this function. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Generating Certificates - Maximum Days Value
On 26/07/06, Bernhard Froehlich [EMAIL PROTECTED] wrote: The relevant entries of my openssl.cnf: [ ca ] default_ca = CA_default# The default ca section [ CA_default ] default_days= 365 # how long to certify for Thanks. - and the reference. I guess you have already read the mail of ViSolve Security Consulting group? It sounds like they have tried and found a (de facto) maximum, though I'd consider that as a bug of openssl... Perhaps not a bug, just a document deficiency? regards -- Dave Pawson XSLT XSL-FO FAQ. http://www.dpawson.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Generating Certificates - Maximum Days Value
Dave Pawson wrote: On 26/07/06, Bernhard Froehlich [EMAIL PROTECTED] wrote: The relevant entries of my openssl.cnf: [ ca ] default_ca = CA_default# The default ca section [ CA_default ] default_days= 365 # how long to certify for Thanks. - and the reference. I guess you have already read the mail of ViSolve Security Consulting group? It sounds like they have tried and found a (de facto) maximum, though I'd consider that as a bug of openssl... Perhaps not a bug, just a document deficiency? No, it's a bug. I just tried to use the -enddate parameter for the commandline (should be default_enddate in openssl.cnf) and there I can go as far as 31.12.2049 (which is another bug, but let's talk about that another time... ;)). But another thing to think about is, are you sure your private keys will stand 40 years of technical advances in computer tech? Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 smime.p7s Description: S/MIME Cryptographic Signature
Re: Generating Certificates - Maximum Days Value
On 26/07/06, Bernhard Froehlich [EMAIL PROTECTED] wrote: But another thing to think about is, are you sure your private keys will stand 40 years of technical advances in computer tech? Mmmm. Perhaps 5 (at most :-) Good point. -- Dave Pawson XSLT XSL-FO FAQ. http://www.dpawson.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Decryption fails
Marek Marcola wrote: Hello, Im trying to encrypt/decrypt a string using openssl. The program works fine for encryption but fails(not always) for decryption. This happens in EVP_CipherFinal_ex() call. I'm a bit confused with this random behavior. I've attached the code. Can anybody point me out what I'm doing wrong here? unsigned char key[] = 0123456789; unsigned char iv[] = 12345671; EVP_CIPHER_CTX_init(ctx); /*EVP_CipherInit_ex(ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);*/ /*EVP_CipherInit_ex(ctx, EVP_rc2_cbc(), NULL, NULL, NULL, do_encrypt);*/ /*EVP_CipherInit_ex(ctx, EVP_des_ede3_cbc(), NULL, NULL, NULL, do_encrypt);*/ EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); EVP_CIPHER_CTX_set_key_length(ctx, 10); EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); Key and initialization vector for block ciphers (AES,DES in CBC mode) should be fixed size: aes128: key: 16, iv: 16 3des: key: 24, iv: 8 If you provide small buffers, some data from the end of buffer will be used and depending on this random data you may have decryption success or error. For EVP_CIPHER_CTX_set_key_length() to work, cipher must have ability to set variable key length. Check error code when using this function. Best regards, Thanks Marek. That really helped. Do u have any references that I can find the key and IV size for different ciphers supported by openssl. Cheers, Kaushalye __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl-users] Re: Generating Certificates - Maximum Days Value
Hodie VII Kal. Aug. MMVI est, Visolve Security Consulting Group scripsit: Hi Bob, I have been trying to find documentation on the maximum value that the days argument will accept for an SSL generated certificate. The *days* argument in openssl will work fine upto a Maximum value of *11499* in positive values. If the days specified is beyond the value 11499, the parameter Not After date internally goes in negative. Thus on Certificate Verification, the certificate is considered as *Expired* Congratulations, you've encountered the Year 2038 bug in advance :) In fact, the command-line openssl uses a time_t type variable to update the certificate time, and time_t is probably a signed 32bits type on your platform. That means you won't be able to go past Jan 19, 2038 04:14:07 as a date with your current method. It's not exactly a *bug*, it's already known by the core team developers, as you can find some FIXME comments in the date/time manipulation functions. They probably have more useful things to do, but you can help them (and everybody else) on this point: - add necessary functions to get/set/compare/convert/update ASN1_TIME, ASN1_UTCTIME, and ASN1_GENERALIZEDTIME entities, maybe using (struct tm) types whenever possible (that way, you'll have a much larger margin), - modify the command-line tool to make use of these functions, instead of relying on arithmetic with time_t types. -- Erwann ABALEA [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Decryption fails
Hello, Do u have any references that I can find the key and IV size for different ciphers supported by openssl. You may for example use: EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); printf(\ncipher parameters:\n); printf(block size: %d\n, EVP_CIPHER_CTX_block_size(ctx)); printf(key length: %d\n, EVP_CIPHER_CTX_key_length(ctx)); printf( iv length: %d\n, EVP_CIPHER_CTX_iv_length(ctx)); Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: openssl, threads and portable libraries
From: Friedrich Dominicus I'm trying to get into openssl programming and run into the following problem. I've found nothing about that neither while searching the web nore looking into this lib. According to threads(3) and also mentioned in network security with OpenSSL from O'Reilly one has to provide callback functions for using OpenSSL with threads. Now there do exist a few libraries (e.g libapr and glib) and they have libraries for thread support also, and now comes my question. What is the id_function while using glib? can I simply cast one member of the GThread struct? (maybe data?) alternatively what would be the callback function for libapr? You need to use whatever mechanism is normal in your threading environment of choice to generate a unique consistent identifier for a thread. If you don't know what that is, the place to ask is a list or group which discusses that environment's threading facilities. OpenSSL doesn't know or care what mechanism is used - that's why it's left to the user to provide it. Many environments provide a function call which returns a thread identifier. In those that don't, you can probably do something with thread-private data facilities. Many programs need an identifier of this sort, so I expect most threading support libraries will have some way to create one. Experienced users of the environment should be able to advise on a commonly-used method. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: policyMappings
On Wed, Jul 26, 2006, ?? wrote: Hi, I want to make a corss certificate supporting policyMappings with openssl.i am trying to modify openssl.cnf. but i don't know the exact format and can't find any datums. Hmm doesn't seeem to be documented at present... Format is: policyMappings = issuerDomainPolicy1:subjectDomainPolicy1, idp2:sdp2 Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl, threads and portable libraries
Jeremy Farrell [EMAIL PROTECTED] writes: From: Friedrich Dominicus I'm trying to get into openssl programming and run into the following problem. I've found nothing about that neither while searching the web nore looking into this lib. According to threads(3) and also mentioned in network security with OpenSSL from O'Reilly one has to provide callback functions for using OpenSSL with threads. Now there do exist a few libraries (e.g libapr and glib) and they have libraries for thread support also, and now comes my question. What is the id_function while using glib? can I simply cast one member of the GThread struct? (maybe data?) alternatively what would be the callback function for libapr? You need to use whatever mechanism is normal in your threading environment of choice to generate a unique consistent identifier for a thread. I would argue my mails have shown that I have realized that. Now I asked especially about portable libraries and what to use from them. As pointed out glib2 does not have an idea of some unique thread id (AFAIU) but as someone else has posted this might be different in libapr. So my question was on the point. If you don't know what that is, the place to ask is a list or group which discusses that environment's threading facilities. Well I can not see why that question should be misplaced here. Well everyone here using threads must decide on this and so it's quite possible that someone has checked the available alternatives. Regards Friedrich __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Best practice, checking cipher spec in FIPS mode?
Hi, in FIPS mode several algorithms are deactivated. This does not prevent one from setting ALL:... or DEFAULT:... which seems to bring in some of these algorithms. Unfortunately, if not checked, the error message is written to stderr or stdout, but I need a formated string in my error log. Further more I want to specify the FIPS forbitten algorithm which caused the failure. Checking for exlicidly included algorithms is simple, but does somebody already have some code to check if one of the deactivated algorithms is implicidly included in the cipher spec? Thanks in advance. Regards Gerd __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
email sending
Hello! I'm a new user of OpenSSL. I'm trying to send e-mail using smime command. I've found the following example on the OpenSSL official page, but it only works under Unix. Send a signed message under Unix directly to sendmail, including headers: openssl smime -sign -in in.txt -text -signer mycert.pem \ -from [EMAIL PROTECTED] -to [EMAIL PROTECTED] \ -subject Signed message | sendmail [EMAIL PROTECTED] I would like to do it under Windows XP (Command prompt). Can you help me? Jelena
Re: openssl, threads and portable libraries
El mié, 26-07-2006 a las 13:45 +0200, Friedrich Dominicus escribió: Hi Friedrich, As pointed out glib2 does not have an idea of some unique thread id (AFAIU) but as someone else has posted this might be different in libapr. So my question was on the point. You can try using the pointer reference as unique identifier. Did you try: gint thread_id = GPOINTER_TO_INT (g_thread_self ()); For a glib user I think it is the better way: 1) It is portable across platforms (the function returns the same reference as long as the program runs) 2) Inside Linux, according to the thread implementation of your libc it returns the same process Id for all threads. Cheers! -- Francis Brosnan Blazquez [EMAIL PROTECTED] Advanced Software Production Line, S.L. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Best practice, checking cipher spec in FIPS mode?
Sorry, it seemd to be my fault. Even if specifying +MD5 in cipher spec. Ciphers including MD5 are not in list of available ciphers of SSL session. Regards Gerd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wetzel, Gerd Sent: Wednesday, July 26, 2006 1:59 PM To: openssl-users@openssl.org Subject: Best practice, checking cipher spec in FIPS mode? Hi, in FIPS mode several algorithms are deactivated. This does not prevent one from setting ALL:... or DEFAULT:... which seems to bring in some of these algorithms. Unfortunately, if not checked, the error message is written to stderr or stdout, but I need a formated string in my error log. Further more I want to specify the FIPS forbitten algorithm which caused the failure. Checking for exlicidly included algorithms is simple, but does somebody already have some code to check if one of the deactivated algorithms is implicidly included in the cipher spec? Thanks in advance. Regards Gerd __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: email sending
On 7/26/06, Jelena Keršnik [EMAIL PROTECTED] wrote: Hello! I'm a new user of OpenSSL. I'm trying to send e-mail using smime command. I've found the following example on the OpenSSL official page, but it only works under Unix. Send a signed message under Unix directly to sendmail, including headers: openssl smime -sign -in in.txt -text -signer mycert.pem \ -from [EMAIL PROTECTED] -to [EMAIL PROTECTED] \ -subject Signed message | sendmail [EMAIL PROTECTED] I would like to do it under Windows XP (Command prompt). Can you help me? this fails because you don't have a sendmail command available on your Windows installation do you? you need a tool like unix's default sendmail command which like the mail command is a pretty common tool available on unix-like systems. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: email sending
On 7/26/06, gmu 2k6 [EMAIL PROTECTED] wrote: On 7/26/06, Jelena Keršnik [EMAIL PROTECTED] wrote: Hello! I'm a new user of OpenSSL. I'm trying to send e-mail using smime command. I've found the following example on the OpenSSL official page, but it only works under Unix. Send a signed message under Unix directly to sendmail, including headers: openssl smime -sign -in in.txt -text -signer mycert.pem \ -from [EMAIL PROTECTED] -to [EMAIL PROTECTED] \ -subject Signed message | sendmail [EMAIL PROTECTED] I would like to do it under Windows XP (Command prompt). Can you help me? this fails because you don't have a sendmail command available on your Windows installation do you? you need a tool like unix's default sendmail command which like the mail command is a pretty common tool available on unix-like systems. btw, you can do this with 3 lines of perl just in case you have built OpenSSL yourself and therefore have perl installed already. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: email sending
On 7/26/06, gmu 2k6 [EMAIL PROTECTED] wrote: On 7/26/06, gmu 2k6 [EMAIL PROTECTED] wrote: On 7/26/06, Jelena Keršnik [EMAIL PROTECTED] wrote: Hello! I'm a new user of OpenSSL. I'm trying to send e-mail using smime command. I've found the following example on the OpenSSL official page, but it only works under Unix. Send a signed message under Unix directly to sendmail, including headers: openssl smime -sign -in in.txt -text -signer mycert.pem \ -from [EMAIL PROTECTED] -to [EMAIL PROTECTED] \ -subject Signed message | sendmail [EMAIL PROTECTED] I would like to do it under Windows XP (Command prompt). Can you help me? this fails because you don't have a sendmail command available on your Windows installation do you? you need a tool like unix's default sendmail command which like the mail command is a pretty common tool available on unix-like systems. btw, you can do this with 3 lines of perl just in case you have built OpenSSL yourself and therefore have perl installed already. a quick web search returned for example this one here http://www.glob.com.au/sendmail/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: email sending
Thanks for your answers! I already tried with a windows substitution for sendmail command (Indigo Mail or Sendmail for Windows) but it returns an error code (must issue a STARTTLS command first) and I don't know how to manage it… I'll try with the link you've suggested… perhaps this one will work! Jelena
Re: email sending
On 7/26/06, Jelena Keršnik [EMAIL PROTECTED] wrote: Thanks for your answers! I already tried with a windows substitution for sendmail command (Indigo Mail or Sendmail for Windows) but it returns an error code (must issue a STARTTLS command first) and I don't know how to manage it… I'll try with the link you've suggested… perhaps this one will work! oh, if yout SMTP server only accepts TLS-enabled connections you better make sure to use a sendmail/mail replacement which supports STARTTLS. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: email sending
On 7/26/06, gmu 2k6 [EMAIL PROTECTED] wrote: On 7/26/06, Jelena Keršnik [EMAIL PROTECTED] wrote: Thanks for your answers! I already tried with a windows substitution for sendmail command (Indigo Mail or Sendmail for Windows) but it returns an error code (must issue a STARTTLS command first) and I don't know how to manage it… I'll try with the link you've suggested… perhaps this one will work! oh, if yout SMTP server only accepts TLS-enabled connections you better make sure to use a sendmail/mail replacement which supports STARTTLS. you could also try this one http://bwachter.lart.info/projects/aardmail/aardmail-miniclient.html __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl, threads and portable libraries
Francis Brosnan Blazquez [EMAIL PROTECTED] writes: You can try using the pointer reference as unique identifier. Did you try: gint thread_id = GPOINTER_TO_INT (g_thread_self ()); For a glib user I think it is the better way: Yes I think that could work, it was pointed out to me on the gtk-list as a possible solution. I'll go for it for the moment and hope that I do not break something. Thanks Friedrich __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: email sending
I succeeded! Thanks again...I've spent almost two days doing this Jelena