Re: Newbie : is it possible to use SSL on multiple targets with just IP addresses ?

2008-08-07 Thread Ion Larrañaga

Hi,

If I understand what you want to do, the answer is yes, it can be done. 
You can create a generic certificate with a given CN to be used in the 
embedded web server.


The next question is... who will use this web server? If it's a program, 
so your system is used as an update server (for instance, although in 
this case identification would be critical), you can deactivate the CN 
checking, so that even if your CN does not correspond to the host name 
used in the URL the program will not complain.


If you want a user to connect via a browser, the problem is that he will 
get a warning every time he connects (I'm not sure if this can be 
avoided just by accepting the certificate in the browser, as this is a 
CN problem, and not that the certificate is self-signed), although maybe 
this is not a problem for you; it depends on your application and who 
will use it.


Well, anyway, the answer to your question is yes, a generic certificate 
can be used to create an SSL connection if you don't care about 
authentication.


Best regards,

   Ion Larrañaga



Mark Jackson wrote:

We are designing a new embedded system which runs its own web server.

When installed in the field, the majority of the units will *not* have a 
domain-name, just a local IP address, since they will mostly be used 
on company intranets (and so could be *any* ip address I guess).


Most units will not have static IP addresses, but will rely on zeroconf 
or dhcp for address allocation.


I guess some companies may wish to expose units to the internet and 
probably will have some form of domain name setup for each one (e.g. 
unit1.foobar.com, unit2.foobar.com, etc)


So my question is this ...

Can SSL + Certs be used / generated to work on such a dynamic type of 
network setup ?


TBH, all we are requiring is to obtain a secure connection to the web 
server, rather than certifying that the embedded units are who they say 
they are.  Is there some other way of doing this (either via SSL or some 
other web technology) ?


I apologise if this is too open a question, but I've not managed to find 
a suitable Google search phrase that comes anywhere near to answering my 
question(s).


Thanks in advance
Mark
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
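
The program-client case from the reply above (host name/CN checking deactivated because the units are reached by changing IP addresses), as an added example that is not part of the original thread. It assumes the client is written in Python and was given the SHA-256 fingerprint of the units' generic certificate out of band; the function names are hypothetical. Comparing against that fingerprint keeps some identification in place once the CN check is off.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of a certificate against the pinned value.

    Accepts the pin with or without ':' separators, in either case.
    """
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), normalized)


def unit_context() -> ssl.SSLContext:
    """Client context for units addressed by IP: no CN matching, no CA chain.

    The pin check in connect_to_unit() replaces both checks.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the CN never equals a DHCP/zeroconf address
    ctx.verify_mode = ssl.CERT_NONE  # the trust decision is made from the pin
    return ctx


def connect_to_unit(address: str, port: int, pinned_hex: str) -> ssl.SSLSocket:
    """Open a TLS connection; refuse it unless the peer presents the pinned cert."""
    raw = socket.create_connection((address, port), timeout=5)
    try:
        tls = unit_context().wrap_socket(raw)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)  # available even with CERT_NONE
    if der is None or not pin_matches(der, pinned_hex):
        tls.close()
        raise ssl.SSLError("unit certificate does not match the pinned fingerprint")
    return tls
```

If every unit ships the same generic certificate and key, a match only shows that the peer holds that shared key, not which unit it is.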




Re: Compilation errors in openssl 0.9.8h version

2008-08-07 Thread Ion Larrañaga

Hello,

When you run Configure if you pass the prefix, you must use slashes 
(Unix) instead of backslashes (Windows), even if you are compiling in a 
Windows system. If you do something like this:


perl Configure VC-WIN32 --prefix=c:\openssl

The compiler will complain because somewhere in the code, a string 
c:\openssl appears, so the compiler thinks that with '\o' you mean 
some kind of escape sequence (like '\n' and '\b'), and '\o' is not 
defined.


You must use slashes. That is:

perl Configure VC-WIN32 --prefix=c:/openssl

Even though you are compiling under Windows.

Best regards,

   Ion


Ambarish Mitra wrote:


Hello All,

I am trying to compile openssl version 0.9.8h. I am getting the following errors
during compilation.

C:\Apache_2.2.9\httpd-2.2.9\srclib\openssl>nmake -f ms\ntdll.mak

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
cl /Fotmp32dll\cversion.obj  -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3
/WX



AM: /WX tells the compiler to treat a warning as an error.



 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM
-DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
-DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA
-DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_TLSEXT
-DOPENSSL_NO_CMS -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL
-DOPENSSL_BUILD_SHLIBCRYPTO -DMK1MF_BUILD -DMK1MF_PLATFORM_VC_WIN32
-c .\crypto\cversion.c
cversion.c
.\crypto\cversion.c(105) : error C2220: warning treated as error - no object file generated
.\crypto\cversion.c(105) : warning C4129: 'o' : unrecognized character escape sequence


---
AM: This tells it all. In the code, you have somewhere \o - which is not
recognized as an escape sequence. Escape seq examples are \n, \t, \r ...
Since you have used /WX, this warning is treated as an error, and the
compiler aborts. Correct this portion of the code, or remove /WX from
the compiler options.

Thanks,
Ambarish.


NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.

Any thoughts?
Thanks in advance,
Prathima.

