Diffie-Hellman X509EncodedKeySpec
Hello, It would be very great if my problem could be solved here. In C I have to make a Diffie-Hellman key exchange, and the problem is that the corresponding Java server expects an ASN.1 DER encoded SubjectPublicKeyInfo, the same thing that Java creates with the getEncoded() method, described here (http://docs.oracle.com/javase/1.5.0/docs/api/java/security/Key.html). I have tried many things but I seem to misunderstand something. I am at the point that I generated the keys already and have a DH object, but I also used the EVP API and have access to an EVP_PKEY object that contains the parameters and y.

I found in another thread the following explanation: X509EncodedKeySpec is correct if you have a DH public key (or other public key) *in X.509 SubjectPublicKeyInfo format* which Openssl calls PUBKEY and can do with no additional code. Thread (http://www.mail-archive.com/openssl-users@openssl.org/msg70568.html)

I think this is what I need, but how can I create that so that the Java server can handle it?
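Added example, not part of the original post: a stand-alone C encoder for the DER SubjectPublicKeyInfo of a DH public key (PKCS #3 dhKeyAgreement OID, parameters p and g, and y as an INTEGER inside the BIT STRING), to show byte for byte what the receiving side parses. With OpenSSL, i2d_PUBKEY() on the EVP_PKEY is the call that serializes a public key in this format; the helper names and the toy key p = 23, g = 5, y = 8 below are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DH_MAX_BYTES 1024                /* accept p, g, y up to 8192 bits */
#define DER_INT_MAX  (DH_MAX_BYTES + 8)  /* tag + length + sign byte + value */

/* DER encoding of OID 1.2.840.113549.1.3.1 (PKCS #3 dhKeyAgreement). */
static const uint8_t OID_DH[] = {
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x03, 0x01
};

/* Write a tag and a definite length; returns the number of header bytes. */
static size_t der_header(uint8_t *out, uint8_t tag, size_t len)
{
    size_t off = 0, n = 0, t;

    out[off++] = tag;
    if (len < 0x80) {                    /* short form */
        out[off++] = (uint8_t)len;
        return off;
    }
    for (t = len; t != 0; t >>= 8)       /* long form: count the length bytes */
        n++;
    out[off++] = (uint8_t)(0x80 | n);
    while (n-- > 0)
        out[off++] = (uint8_t)(len >> (8 * n));
    return off;
}

/* Unsigned big-endian bytes -> DER INTEGER: drop leading zero bytes, then
 * add one 0x00 if the top bit is set so the value is not read as negative. */
static size_t der_uint(uint8_t *out, const uint8_t *be, size_t len)
{
    size_t off, pad;

    while (len > 1 && be[0] == 0) { be++; len--; }
    pad = (be[0] & 0x80) ? 1 : 0;
    off = der_header(out, 0x02, len + pad);
    if (pad)
        out[off++] = 0x00;
    memcpy(out + off, be, len);
    return off + len;
}

/* Returns the encoded length, or 0 on bad input or if cap is too small. */
size_t dh_spki_encode(const uint8_t *p, size_t plen, const uint8_t *g, size_t glen,
                      const uint8_t *y, size_t ylen, uint8_t *out, size_t cap)
{
    uint8_t params[2 * DER_INT_MAX], key[DER_INT_MAX];
    uint8_t h_par[12], h_alg[12], h_bits[12], h_spki[12];
    size_t par_len, key_len, alg_len, body, l_par, l_alg, l_bits, l_spki, off = 0;

    if (!plen || !glen || !ylen ||
        plen > DH_MAX_BYTES || glen > DH_MAX_BYTES || ylen > DH_MAX_BYTES)
        return 0;

    par_len  = der_uint(params, p, plen);            /* prime INTEGER */
    par_len += der_uint(params + par_len, g, glen);  /* base INTEGER */
    key_len  = der_uint(key, y, ylen);               /* public value INTEGER */

    l_par   = der_header(h_par, 0x30, par_len);      /* DHParameter SEQUENCE */
    alg_len = sizeof OID_DH + l_par + par_len;
    l_alg   = der_header(h_alg, 0x30, alg_len);      /* AlgorithmIdentifier */
    l_bits  = der_header(h_bits, 0x03, key_len + 1); /* BIT STRING */
    body    = l_alg + alg_len + l_bits + 1 + key_len;
    l_spki  = der_header(h_spki, 0x30, body);        /* SubjectPublicKeyInfo */
    if (l_spki + body > cap)
        return 0;

    memcpy(out + off, h_spki, l_spki);        off += l_spki;
    memcpy(out + off, h_alg, l_alg);          off += l_alg;
    memcpy(out + off, OID_DH, sizeof OID_DH); off += sizeof OID_DH;
    memcpy(out + off, h_par, l_par);          off += l_par;
    memcpy(out + off, params, par_len);       off += par_len;
    memcpy(out + off, h_bits, l_bits);        off += l_bits;
    out[off++] = 0x00;                        /* BIT STRING: no unused bits */
    memcpy(out + off, key, key_len);          off += key_len;
    return off;
}

int main(void)
{
    /* Constructed toy key (p = 23, g = 5, y = 8); real keys are far larger. */
    const uint8_t p[] = {0x17}, g[] = {0x05}, y[] = {0x08};
    uint8_t der[64];
    size_t i, n = dh_spki_encode(p, 1, g, 1, y, 1, der, sizeof der);

    for (i = 0; i < n; i++)
        printf("%02X", der[i]);
    printf("\n");
    return n ? 0 : 1;
}
```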
Unsupported Architecture ?
Hi Regards to All,

This is my first email to the group.

Outline: I have a QNAP TS-410 on which I have installed a version of Debian Linux, rather than the official OS from QNAP.

Linux DLSC3D75E 2.6.32-5-kirkwood #1 Sun Sep 23 22:53:30 UTC 2012 armv5tel GNU/Linux

I am trying to compile Apache 2.4.3 with zlib and OpenSSL support, as the aptitude port is a bit primitive. I can compile Apache without any problems but when I attempt to compile with zlib and openSSL I cannot. I get strange output purporting to come from c_zlib_c. I have delved into .config and .Configure and if I use -t for test get the following output.

./config -t --prefix=/usr zlib-dynamic --openssldir=/ etc/ssl shared
Operating system: armv5tel-whatever-linux2
Configuring for linux-armv4
/usr/bin/perl ./Configure linux-armv4 --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared -Wa, --noexecstack

I notice that linux-armv4 is chosen as the compiler output whereas in fact I need armv5tel. This appears to be absent from the .config script, so I believe this to be the root of my problem.

Therefore:
1. Has anyone got the .config which will support armv5tel?
2. Am I barking up the wrong tree?
3. Open to any other advice, please?

Thanks and kind regards to all, jB ;)

PS I have checked and I am using the latest source for all packages. The guide is from : http://mariobrandt.de/archives/apache/compling-apache-2-4-on-ubuntu-or-debian-519/
Re: Unsupported Architecture ?
Thanks for the info Jakob. Are there any kind hearted souls out in Etherland who can expand on this for me?

Kind regards, jB ;)

- Original Message -
From: Jakob Bohm jb-open...@wisemo.com
To: openssl-users@openssl.org
Sent: Wednesday, 27 February, 2013 9:14:13 PM
Subject: Re: Unsupported Architecture ?

On 2/27/2013 4:00 PM, Julian Bourne wrote:

Hi Regards to All, This is my first email to the group. Outline: I have a QNAP TS-410 on which I have installed a version of Debian Linux, rather than the official OS from QNAP.

Linux DLSC3D75E 2.6.32-5-kirkwood #1 Sun Sep 23 22:53:30 UTC 2012 armv5tel GNU/Linux

I am trying to compile Apache 2.4.3 with zlib and OpenSSL support, as the aptitude port is a bit primitive. I can compile Apache without any problems but when I attempt to compile with zlib and openSSL I cannot. I get strange output purporting to come from c_zlib_c. I have delved into .config and .Configure and if I use -t for test get the following output.

./config -t --prefix=/usr zlib-dynamic --openssldir=/ etc/ssl shared
Operating system: armv5tel-whatever-linux2
Configuring for linux-armv4
/usr/bin/perl ./Configure linux-armv4 --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared -Wa, --noexecstack

I notice that linux-armv4 is chosen as the compiler output whereas in fact I need armv5tel. This appears to be absent from the .config script, so I believe this to be the root of my problem.

I believe that the ARMv5TEL architecture is 100% backwards compatible with the ARMv4 architecture, provided you use interworking stubs to call from thumb code to non-thumb ARM code. This is done by setting a few gcc options.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
pdf- signature - pkcs7, pdfembedded
Hello Mailing List,

I use an external signature service in order to signature documents. There are two possibilities: 1. pdf-embedded and 2. pkcs7 encoding in a separate file. I think that the hash of the input document must be compared with a value coded by the private key in the signature file. The certificate is part of the signature file.

My problem is that I really don't know how to verify a signatured pdf with openssl. I searched a little bit in the mailing list, and read something about openssl dgst, but the verify option is not very self-describing :-) . Can openssl extract the certificate and/or the public key from the signature file, and is it possible to verify a pdf-embedded signature with openssl? Can I use openssl dgst to verify a pkcs7-signatured pdf?

It would be very nice if someone could help me.

Thank you in advance

Julian Thomé
Re: why build shared openssl
Never ship a Shared OpenSSL library. Anyone can rebuild it to output the socket buffer to disk prior to encryption and replace yours. :-)

On Oct 23, 2008, at 9:32 AM, csross wrote:

I don't know what is the purpose of building openssl shared. I am building apache with ssl statically built in. What does building a shared openssl give me? Thanks
Re: Decrypting Fragmented packets
It's hard to approach this without knowing the mode of operation you are running: CBC, OFB, CTR? Also are you using UDP with varying packet sizes?

Julian

On Jun 24, 2008, at 10:25 PM, Vijay Kotari wrote:

Hi, I am using EVP_DecryptUpdate() and EVP_DecryptFinal_ex() to decrypt an SSL packet that I have captured. The cipher that I am using is AES256 and I can read the application data in cleartext as a result. The problem comes if the application data size 8, which I think has something to do with me using a block cipher. I can't seem to decrypt the data then.

Anyways, after inspecting the packet dumps, I realized that sometimes I get fragmented packets. For example,

17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc
4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82
e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86
d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11
2b 18 b1 8d d8 3c 15 3d e9 c7

This is actually two packets that are using the SSL application protocol, each of size 0x20 (the second packet starts on line 3, 6th byte onwards). While decrypting, should both these packets be merged together and hence treated as a single packet of size 0x40, or should each packet be processed separately? Since we are using a block cipher of size 256 bits (32 bytes), will it even make a difference?

Thanks and Regards, Vijay Kotari
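Added example, not part of the original thread: a C splitter for the TLS record layer, run over the capture quoted above. Each 5-byte header (type, version, length) delimits one record, and each record carries its own MAC and padding, so records are handed to the decryption step one at a time even when several arrive in one read or one is cut short. The function and struct names are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN        5
#define TLS_MAX_CIPHERTEXT (16384 + 2048) /* upper bound on TLSCiphertext.length */
#define AES_BLOCK_BYTES    16             /* AES block size for every key size */

struct tls_record {
    uint8_t        type;     /* 23 (0x17) = application_data */
    uint16_t       version;  /* 0x0301 = TLS 1.0 */
    size_t         length;   /* bytes of protected fragment */
    const uint8_t *fragment; /* points into the caller's buffer */
};

/* Parse one record. Returns bytes consumed (> 0), 0 if the buffer ends before
 * the record does (wait for more data), or -1 if the header is not valid. */
long tls_next_record(const uint8_t *buf, size_t avail, struct tls_record *rec)
{
    size_t len;

    if (avail < TLS_HDR_LEN)
        return 0;
    if (buf[0] < 20 || buf[0] > 23 || buf[1] != 3) /* TLS 1.0 content types */
        return -1;
    len = ((size_t)buf[3] << 8) | buf[4];
    if (len > TLS_MAX_CIPHERTEXT)
        return -1;
    if (avail - TLS_HDR_LEN < len)
        return 0;
    rec->type = buf[0];
    rec->version = (uint16_t)((buf[1] << 8) | buf[2]);
    rec->length = len;
    rec->fragment = buf + TLS_HDR_LEN;
    return (long)(TLS_HDR_LEN + len);
}

/* Split a reassembled byte stream into complete records. Returns the number
 * of records stored, or -1 on a bad header. *leftover receives the count of
 * trailing bytes not yet consumed (an incomplete record, or records past max). */
int tls_split_stream(const uint8_t *buf, size_t len, struct tls_record *out,
                     int max, size_t *leftover)
{
    int n = 0;
    size_t off = 0;

    while (n < max && off < len) {
        long used = tls_next_record(buf + off, len - off, &out[n]);
        if (used < 0)
            return -1;
        if (used == 0)
            break;
        off += (size_t)used;
        n++;
    }
    *leftover = len - off;
    return n;
}

/* A CBC-protected fragment is always a whole number of cipher blocks. */
int tls_cbc_sized(const struct tls_record *rec)
{
    return rec->length > 0 && rec->length % AES_BLOCK_BYTES == 0;
}

/* The 74 bytes quoted in the message above. */
static const uint8_t SAMPLE[74] = {
    0x17, 0x03, 0x01, 0x00, 0x20, 0x85, 0x99, 0x2a, 0x94, 0x4d, 0x0e, 0x56,
    0x2c, 0x81, 0xbc, 0xfc, 0x4d, 0xc9, 0x32, 0xaa, 0x85, 0x46, 0x90, 0x02,
    0x6d, 0x4e, 0xb6, 0xc6, 0xda, 0x4b, 0xd9, 0x82, 0xe9, 0xab, 0xcf, 0x77,
    0xe7, 0x17, 0x03, 0x01, 0x00, 0x20, 0x76, 0x68, 0x51, 0x17, 0x9e, 0x86,
    0xd4, 0x20, 0x6e, 0x31, 0x3e, 0x7a, 0x96, 0x17, 0xd5, 0xcd, 0xc0, 0xba,
    0x5c, 0xcd, 0xba, 0x11, 0x2b, 0x18, 0xb1, 0x8d, 0xd8, 0x3c, 0x15, 0x3d,
    0xe9, 0xc7
};

int main(void)
{
    struct tls_record recs[4];
    size_t leftover = 0;
    int i, n = tls_split_stream(SAMPLE, sizeof SAMPLE, recs, 4, &leftover);

    for (i = 0; i < n; i++)
        printf("record %d: type=0x%02x version=0x%04x length=%zu cbc_sized=%d\n",
               i, recs[i].type, recs[i].version, recs[i].length,
               tls_cbc_sized(&recs[i]));
    printf("leftover bytes: %zu\n", leftover);
    return n == 2 ? 0 : 1;
}
```

In TLS 1.0 with a CBC cipher suite the IV of each record is the last ciphertext block of the previous record, so the records also have to be processed in order.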
Re: Implementing a custom cryptographic function
Mehdi, Sounds like you simply need TLS v1. Look at the EVP_ functions as they are higher level. Hope that helps, julian

On May 4, 2008, at 3:06 AM, Mehdi Asgari wrote:

Hi, I want to develop a simple client/server OpenSSL application (a simple Hello Other Side passing between the two); my problem: Can I use a custom crypto API for encrypting data passed between ? (a simple XOR suffices, it's just proof of concept) Could anyone please show me some hints ? (I've searched the web but couldn't find anything useful) Thanks in advance
DH Prime Question
Hi, I am working on an application that is both a client and a server. The DH prime is stored in the binary for the server. Since the Server will exist inside the Client, is there a considerable risk of embedding the DH p into the code? The alternative is to have the Server generate a 1024 bit prime when the Client starts its Server portion, however as we know this is painfully slow. Thanks, J
Re: DH Prime Question
My fear is that getting a hold of P will allow for someone else to use it to start a protocol disassembly. For instance anyone could create a DHE-RSA-AES256-SHA TLS server and use P to listen for connections, of course it would have to have a cert signed by CA to proceed even if they have P. The protocol here is TLS where each client is a server, so shouldn't each client/server have their own DH P? Or am I looking at this wrong, since I am using distributed PKI, then exposing P is moot? Thanks in advance. J

On Apr 14, 2008, at 1:57 AM, jimmy bahuleyan wrote:

Bernhard Froehlich wrote:

Julian wrote:

Hi, I am working on an application that is both a client and a server. The DH prime is stored in the binary for the server. Since the Server will exist inside the Client, is there a considerable risk of embedding the DH p into the code? The alternative is to have the Server generate a 1024 bit prime when the Client starts its Server portion, however as we know this is painfully slow. Thanks, J

As I understand it the prime importance for DH parameters is that no attacker can trick you into using a special set of parameters. Insofar I'd see no problem embedding DH parameters in code, because if an attacker can modify your code then you'll have bigger problems than DH parameters. Any other opinions? Hope it helps, Ted ;)

Agree with Bernhard. Embedding doesn't seem to be a problem; many softwares use well known DH parameters (eg: ssh). What is important is for your DH params not to be weak, it might be worth looking at places like RFC 4419 {Sections 6,7}, RFC2409 {Section 6 gives the Oakley groups}.

-jb
--
Real computer scientists don't comment their code. The identifiers are so long they can't afford the disk space.
Re: DH Prime Question
Thanks jb that clears up a lot. j

On Apr 14, 2008, at 6:14 AM, jimmy bahuleyan wrote:

Julian wrote:

My fear is that getting a hold of P will allow for someone else to use it to start a protocol disassembly. For instance anyone could create a DHE-RSA-AES256-SHA TLS server and use P to listen for connections, of course it would have to have a cert signed by CA to proceed even if they have P.

Without certificates (anon-DH), yes someone could do a man-in-the-middle attack; with certificates they would be hard pressed, since they wouldn't have the server's private key. As for listening, no matter what P you use a listener could easily follow the protocol; but TLS is designed to be resilient, so he couldn't get hold of the session keys.

The protocol here is TLS where each client is a server, so shouldn't each client/server have their own DH P? Or am I looking at this wrong, since I am using distributed PKI, then exposing P is moot?

P,G are DH parameters which both the server and client need to know. Normally they are public knowledge; if the server and client don't share the P,G, then the server sends it to client (DH can't work if both don't have the same P,G). So, what happens is

client makes a random value Y which is private.
server makes a random value X which is private.
client uses {P,G} to make public value Y' from Y.
server uses {P,G} to make public value X' from X.
exchanges X',Y' and both arrive at a common value Z.

The security of DH lies in the fact that any attacker given knowledge of X',Y',G,P cannot derive X or Y (Discrete Logarithm problem) and hence cannot derive Z. And normally all systems generate X,Y for each DH exchange.

Hope that helps.

-jb
--
Real computer scientists don't comment their code. The identifiers are so long they can't afford the disk space.
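Added example, not part of the original thread: the exchange jb describes, in C with his names (P, G, private X and Y, public X' and Y', shared Z), plus the range check each side applies to the public value it receives, which is the concrete form of Bernhard's point about not being tricked into special values. The 32-bit arithmetic and the numbers P = 23, G = 5, X = 6, Y = 15 are constructed toy values; real parameters come from the groups in the RFCs cited above and need a bignum library.

```c
#include <stdint.h>
#include <stdio.h>

/* (base ^ exp) mod m for m < 2^32, by square-and-multiply. */
uint32_t modexp(uint32_t base, uint32_t exp, uint32_t m)
{
    uint64_t result, b;

    if (m == 0)
        return 0;
    result = 1 % m;
    b = base % m;
    while (exp) {
        if (exp & 1)
            result = result * b % m;
        b = b * b % m;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Public value from a private value: X' = G^X mod P (or Y' = G^Y mod P).
 * Returns 0 if the parameters are unusable (P too small, G outside [2, P-2]). */
uint32_t dh_public(uint32_t p, uint32_t g, uint32_t priv)
{
    if (p < 5 || g < 2 || g > p - 2)
        return 0;
    return modexp(g, priv, p);
}

/* Shared value from the peer's public value and our private value.
 * A peer value of 0, 1 or P-1 would pin Z to 0, 1 or +/-1 whatever our
 * private value is, so anything outside [2, P-2] is rejected.
 * Returns 1 and sets *z on success, 0 if the peer value is rejected. */
int dh_shared(uint32_t p, uint32_t peer_pub, uint32_t priv, uint32_t *z)
{
    if (p < 5 || peer_pub < 2 || peer_pub > p - 2)
        return 0;
    *z = modexp(peer_pub, priv, p);
    return 1;
}

int main(void)
{
    const uint32_t P = 23, G = 5;   /* public parameters, may be embedded */
    const uint32_t X = 6, Y = 15;   /* server and client private values */
    uint32_t Xp = dh_public(P, G, X);   /* server sends X' */
    uint32_t Yp = dh_public(P, G, Y);   /* client sends Y' */
    uint32_t z_server = 0, z_client = 0;

    if (!dh_shared(P, Yp, X, &z_server) || !dh_shared(P, Xp, Y, &z_client))
        return 1;
    printf("X'=%u Y'=%u Z(server)=%u Z(client)=%u\n",
           (unsigned)Xp, (unsigned)Yp, (unsigned)z_server, (unsigned)z_client);
    return z_server == z_client ? 0 : 1;
}
```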
Re: Create public/private key pair from trusted moduli?
Here is what I came up with:

Peer A, B, C.
Peer A, B, C generates 2 2048 bit RSA keys.
Peer A, B, C connects to Login server over TLS.
Login server signs each key and signs only one for key signing.
Peer A generates a session key and signs it.
Peer A connects to Peer B over TLS.
Peer A exchanges public key with Peer B.
Peer A and B now have encrypted channel that C cannot decrypt.

Thoughts?

On Apr 10, 2008, at 4:59 AM, Kyle Hamilton wrote:

If E got the public key of the server, then he would be able to authenticate certificates signed by the server. The 'secret' or 'private' key is what's needed to create a signature for a certificate, and without it it's impossible to perform the proof that the private key is known to E. (sure, E could present that certificate -- but the next step of the TLS protocol is to verify that E has the private key associated with the public key embedded in the certificate, and E would not be able to do that and the handshake would fail.)

In any case, though, the security of the system does not depend on the public key being limited to only 'trusted' entities. I recommend that you look at a text on asymmetric ciphers, or public-key cryptography, to better understand this concept.

-Kyle H

On Wed, Apr 9, 2008 at 2:44 PM, Julian [EMAIL PROTECTED] wrote:

If E got ahold of this key it could complete a handshake to the server get sensitive data?

The 'key' that you need to include with your binary is actually the CA's certificate (which contains the CA's public key). You don't need to include any 'trusted' information in the client other than that, and you don't need to include any 'secret' information at all.
Re: Create public/private key pair from trusted moduli?
If E got ahold of this key it could complete a handshake to the server get sensitive data?

The 'key' that you need to include with your binary is actually the CA's certificate (which contains the CA's public key). You don't need to include any 'trusted' information in the client other than that, and you don't need to include any 'secret' information at all.
Re: Create public/private key pair from trusted moduli?
Thanks Kyle, Here is my situation: I have a server which can sign certificates over tls (implemented in both client and peer). I generate a public/private key pair for each peer now. I need a way so Peer A Trusts Peer B because. So, I am trying to figure out the best way to do this, can server sign each peers certs and then trust each other? Thanks julian

On Apr 8, 2008, at 11:04 PM, Kyle Hamilton wrote:

Requiring a private key to be embedded into the binary is almost always a flawed design, because you're handing secret information to a computer controlled by someone you want to avoid having that data. Including 'trusted' moduli in the binary is also generally a flawed design, for the same reason. Including a public key/certificate in the binary allows for your CA to be known as trusted, though.

What is the situation that you need to embed keys in your binary for? (if it's to keep people from using a binary with my service other than the one I provide, it won't work. Other answers might be better.)

-Kyle H

On Tue, Apr 8, 2008 at 7:32 PM, Julian [EMAIL PROTECTED] wrote:

Hi, I am working on a client/server application. I am using RSA and need to ship keys in my binary, however I would rather generate key pairs on binary execution that get signed by the login server. Correct me if I am wrong but can I simply create my CA and keys and place the moduli of these keys inside the binary and then use the moduli to generate a public/private key pair that is trusted by the server? Basic idea here is to just hardcode the moduli in the binary. I have not seen any code performing this. Am I totally off? thanks in advance. julian
Re: Create public/private key pair from trusted moduli?
Right, Gotcha! There is one flaw in this design however. Peers: A, B, E. By this scenario all three peers would be able to communicate, not just A and B, but also E.

On Apr 9, 2008, at 2:10 PM, David Schwartz wrote:

Thanks Kyle, Here is my situation: I have a server which can sign certificates over tls (implemented in both client and peer). I generate a public/private key pair for each peer now. I need a way so Peer A Trusts Peer B because. So, I am trying to figure out the best way to do this, can server sign each peers certs and then trust each other?

Yes. The usual way to do this is:

1) Peer connects to server.
2) Peer and server exchange whatever information is needed for server to confirm peer's identity.
3) Server issues peer a signed certificate that vouches for its identity.
4) Peer disconnects from server.
5) Peer connects to peer.
6) Peer presents certificate it got from server.
7) Other peer validates certificate and knows peer's identity as established with the server. (It must also determine that the peer *owns* the certificate as opposed to just having a copy of it!)

This requires the peers to be able to recognize that a certificate was signed by the server and is properly owned by the peer they're talking to.

DS
Re: Create public/private key pair from trusted moduli?
Thanks, excellent description!

On Apr 9, 2008, at 2:22 PM, Kyle Hamilton wrote:

On Wed, Apr 9, 2008 at 2:10 PM, David Schwartz [EMAIL PROTECTED] wrote:

Thanks Kyle, Here is my situation: I have a server which can sign certificates over tls (implemented in both client and peer). I generate a public/private key pair for each peer now. I need a way so Peer A Trusts Peer B because. So, I am trying to figure out the best way to do this, can server sign each peers certs and then trust each other?

Yes. The usual way to do this is:

1) Peer connects to server.
2) Peer and server exchange whatever information is needed for server to confirm peer's identity.
3) Server issues peer a signed certificate that vouches for its identity.
4) Peer disconnects from server.
5) Peer connects to peer.
6) Peer presents certificate it got from server.
7) Other peer validates certificate and knows peer's identity as established with the server. (It must also determine that the peer *owns* the certificate as opposed to just having a copy of it!)

This requires the peers to be able to recognize that a certificate was signed by the server and is properly owned by the peer they're talking to.

More specifically: Each peer has a copy of the CA's public certificate. That's what allows this to work. Each peer goes through this process:

1) peer creates a keypair
2) peer generates a CSR (certificate signing request) for its public key.
3) peer connects to server, submits CSR along with whatever information necessary to determine that the certificate should be issued.
4) Server signs the certificate with its private key, and sends signed certificate back to peer. peer and server disconnect.

Then, on peer-peer connection:

1) peer(listener) presents its own certificate, requests peer(connector) certificate from same CA.
2) peer(connector) verifies peer(listener)'s certificate (and proof that it has the private key paired with the pubkey in that certificate), presents its own certificate.
3) peer(listener) verifies peer(connector)'s certificate (and proof that it has the private key paired with the pubkey in that certificate).

Each peer has a copy of the CA certificate in its trusted root authorities store. When they receive a peer certificate, they verify the signature on that certificate as being from that CA, and then verify that the peer that it's talking with actually has the private key associated with that certificate. Then they look at the information in that certificate (expiration date, etc). This is what TLS with client authentication does.

The 'key' that you need to include with your binary is actually the CA's certificate (which contains the CA's public key). You don't need to include any 'trusted' information in the client other than that, and you don't need to include any 'secret' information at all.

-Kyle H
Create public/private key pair from trusted moduli?
Hi, I am working on a client/server application. I am using RSA and need to ship keys in my binary, however I would rather generate key pairs on binary execution that get signed by the login server. Correct me if I am wrong but can I simply create my CA and keys and place the moduli of these keys inside the binary and then use the moduli to generate a public/private key pair that is trusted by the server? Basic idea here is to just hardcode the moduli in the binary. I have not seen any code performing this. Am I totally off? thanks in advance. julian
What is wrong with this code?
The encrypted.file is exactly as the original. Thanks in advance, julian

void aes::encrypt_file(const char * key, const char * path, unsigned char * buf /*[in|out]*/)
{
    // ...
    unsigned char fbuf_in[1024];
    unsigned char fbuf_out[1024];

    // Open the reading and writing paths.
    std::fstream in(path, std::ios::in | std::ios::binary);
    std::fstream out("/encrypted.file", std::ios::out | std::ios::binary);

    // Set up the AES key structure.
    AES_set_encrypt_key(k, 256, m_encrypt_ctx);

    // Set the IV.
    std::memset(m_iv, rand(), AES_BLOCK_SIZE);

    // Do the actual reading, encrypting and writing.
    while (!in.eof())
    {
        std::cout << "aes::encrypt_file: Reading..." << std::endl;
        in.read((char *) fbuf_in, 1024);
        unsigned int len = in.gcount();

        std::cout << "aes::encrypt_file: Encrypting..." << std::endl;
        AES_cbc_encrypt(fbuf_in, fbuf_out, len, m_encrypt_ctx, m_iv, AES_ENCRYPT);

        std::cout << "aes::encrypt_file: Writing..." << std::endl;
        out.write((char *)fbuf_out, len);
    }
}
Is the ip address stored in an x509 certificate?
I have Cyrus imap set up with openssl, and everything seems to be working... but... MS Outlook (and express) complains that The server you are connected to is using a security certificate that does not match it's Internet address. I think this might be due to the fact that this machine has 3 NICs, thus three IP addresses. Reverse ip lookups, though, all show the same domain name, and CN is set to that domain name.
Installation Trouble
Hi, I think it's a little prob. I am using Suse 6.4 and when I do ./Configure I get this message. Sorry, I am a little bit newbie in compiling.

root@linux-server:/usr/local/openssl-0.9.6a ./Configure
Usage: Configure [no-cipher ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsar ef] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR ] os/compiler[:flags]
pick os/compiler from: BC-16 BC-32 BS2000-OSD CygWin32 FreeBSD FreeBSD-alpha FreeBSD-elf MPE/iX-gcc Mingw32 NetBSD-m68 NetBSD-sparc NetBSD-x86 OpenBSD OpenBSD-alpha OpenBSD-mips OpenBSD-x86 ReliantUNIX SINIX SINIX-N VC-MSDOS VC-NT VC-W31-16 VC-W31-32 VC-WIN16 VC-WIN32 aix-cc aix-gcc aix43-cc aix43-gcc alpha-cc alpha-gcc alpha164-cc bsdi-elf-gcc bsdi-gcc cc cray-t3e cray-t90-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-brokencc hpux-brokengcc hpux-cc hpux-gcc hpux-parisc-cc hpux-parisc-cc-o4 hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc2-cc hpux10-brokencc hpux10-brokengcc hpux10-cc hpux10-gcc hpux64-parisc-cc hpux64-parisc2-cc irix-cc irix-gcc irix-mips3-cc irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-elf linux-elf-arm linux-ia64 linux-m68k linux-mips linux-ppc linux-s390 linux-sparcv7 linux-sparcv8 linux-sparcv9 ncr-scde newsos4-gcc nextstep nextstep3.3 purify qnx4 rhapsody-ppc-cc sco3-gcc sco5-cc sco5-cc-pentium

Greets Julian
Installation error
Hi, I am sorry. I got another prob. I made ./config then make and then make install !!! Now I get these messages:

julian@linux-server:/ perl -e 'use Net::SSLeay'
Can't locate Net/SSLeay.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i586-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i586-linux /usr/lib/perl5/site_perl/5.005 .) at -e line 1.
BEGIN failed--compilation aborted at -e line 1.

Greets Julian
Re: What did I just send you?
Ian.
--
Ian Brennan Ph:+353 1 8550685 Technical Director, Fax+353 1 8550624 Cyrona Software, +1 630 2144879 Crosbie Business Center Web: www.cyrona.com Dublin 3 Email: [EMAIL PROTECTED]
--
Electronic Commerce - "Our viruses are your future"

Thanks Ian, that was very exciting.