Trouble verifying server cert from CA certs in client...

1999-12-01 Thread James Darwin
Hi, I'm having trouble verifying the server's signing CA on my client. At init time, the SSL_CTX_set_client_CA_list() seems to work okay - debugging shows certs being loaded into the STACK - but then in my verify callback routine (nsssl_verify_client_callback) I always get X509_V_ERR_UNABLE_TO_GE

RE: Unknown private verisign extension

1999-12-01 Thread Rene G. Eberhard
> As was mentioned in previous messages > > {id-extensions 3} is the CZAG extension (country, zip, age and gender). I > need to find out if I can disclose the details on this one. If I can it > will be in the doc. Can you provide such a cert with all these extensions? I'm interested too in fi

Re: bug with make

1999-12-01 Thread Ulf Möller
On Tue, Nov 30, 1999 at 04:55:40PM -0500, Sue Spoddig wrote: > make[1]: ar: Command not found > I cd to the directory crypto and, indeed, no ar* file(s) to be found. Ahem. ar is a system utility. Make sure that your PATH is set correctly.

Re: them bugs ...

1999-12-01 Thread carson
> "Geoff" == Geoff Thorpe <[EMAIL PROTECTED]> writes: Geoff> The whole point had been that snprintf (and vsnprintf) don't exist on all Geoff> platforms, they're GNU extensions. BIO_printf currently has a fixed 2k Actually, they're in the new POSIX spec, but a bunch of OS's still don't have th

RE: bug with make

1999-12-01 Thread Hansknecht, Deborah A
ar is the program that creates libraries. Make is trying to build the libcrypto library using ar. You surely have it on your system. Perhaps your path is incorrect? -Original Message- From: Sue Spoddig [mailto:[EMAIL PROTECTED]] Sent: November 30, 1999 2:56 PM To: [EMAIL PROTECTED] Subjec

Re: them bugs ...

1999-12-01 Thread Goetz Babin-Ebell
At 18:16 01.12.99 +, you wrote: >On 30 Nov 1999 [EMAIL PROTECTED] wrote: > >> Geoff Thorpe <[EMAIL PROTECTED]> wrote: >> > great. BIO_nprintf? > >The whole point had been that snprintf (and vsnprintf) don't exist on all >platforms, they're GNU extensions. BIO_printf currently has a fixed 2k >b

Re: them bugs ...

1999-12-01 Thread Geoff Thorpe
On 30 Nov 1999 [EMAIL PROTECTED] wrote: > Geoff Thorpe <[EMAIL PROTECTED]> wrote: > > great. BIO_nprintf? > > BIO_nprintf() wouldn't be of much use in itself, would it? > > Better to just fix BIO_printf so it handles unlimited length output > the way printf() does. Fixing it right will mean in

Re: no-rsa

1999-12-01 Thread Bruce LeMaster
I have a complete working version with "no-rsa" defined. Several other defines are included, as there are other licensing issues as well. As I said in my last post, the kludge is not all that good, but it works. I also had to modify other files as well (defines, mostly). If you would like

Various options for configuring certificates

1999-12-01 Thread Amit Chopra
Hi, I am using OpenSSL 0.9.4 to develop a secure server. There are a few things that have confused me when configuring the SSL parameters 1. Server Certificate : When it is said that the cipher is, for example, SSL_RSA_WITH_NULL_SHA, is it that an RSA signing-only certificate is used?? And

Re: Selftest fails

1999-12-01 Thread Dr Stephen Henson
Ben Laurie wrote: > > Just noticed: > > make test ends with: > > test sslv3 with server authentication > server authentication > depth=1 error=24 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA > (1024 bit) > ERROR in CLIENT > 26942:error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:c

Re: EVP_PKEY to RSA?

1999-12-01 Thread Andy Drake
Hi You can get the stuff you need something like this... EVP_PKEY *pKey = NULL; //do something, here like generating or loading a key pKey->pkey.rsa // rsa stuff is here. Also look at stuff like i2d_RSAPrivateKey and d2i_RSAPrivateKey Hope this helps in some way. -Andy --- Cory Winter <[EM

Re: no-rsa

1999-12-01 Thread Dr Stephen Henson
Clifford Heath wrote: > > > > There are several functions that get removed by the defines that are > > required elsewhere in the code that is non-rsa dependant code. > > Haven't used the latest cuts, but if no-rsa doesn't work any more, then > it's because someone broke it, and it should get fi

Re: no-rsa

1999-12-01 Thread Sean Walker
Bodo Moeller wrote: > On Wed, Dec 01, 1999 at 12:39:26PM -0800, Sean Walker wrote: > > Not a chance. The defines are incorrect and remove essential functions. %< snip >% > Some time ago I verified that, for some version of OpenSSL 0.9.4-dev > or 0.9.5-dev, compiling the software with no-rsa work

Re: pkcs#11 and openssl

1999-12-01 Thread Lutz Behnke
michael friedli wrote: > > Hello, > I need your help very urgently. Let me explain you: I have to make an > implementation of pkcs#11 (for receiving privatekeys, certificates from a > token) and openssl (to hand out the received certificates from pkcs#11). Now > the problem is, that I am rather n

parse the binary certificates

1999-12-01 Thread yy chang
Dear all: I am new in SSLeay/OpenSSL. I am quickly lost in the definition of the objects built on top of multiple layer of other objects of X.509 and ASN.1. I have one root certificate in a .pem file, and converted it into the binary/hex format. I also have a server certificate in hex format.

bug with make

1999-12-01 Thread Sue Spoddig
# ./config -t Operating system: sun4u-sun-solaris2 gcc version 2.8.x Configuring for solaris-usparc-gcc /usr/bin/perl ./Configure solaris-usparc-gcc # pwd /usr/local/tools/openssl-0.9.3a Errors produced by make: # make making all in crypto... make[1]: Entering directory `/data/local/tools/openss

RE: Unknown private verisign extension

1999-12-01 Thread Alex Deacon
Hello, Until I get some time to make the VeriSign OID repository ready for public consumption and place them on our web site, here is a (very) high level view of what we have done. -- -- Root of the VeriSign ARC -- (2.16.840.1.113733) -- id-verisign OBJECT IDENTIFIER ::= {2 16 US(840) 1 verisi

Re: [STATUS] OpenSSL (Sun 28-Nov-1999)

1999-12-01 Thread Jean Acheson
Hi: I believe you have the wrong "Jean" at SCO. I'm in Finance and quite frankly, I don't understand this email chain at all! Please review the addresses under your alias. I've also cc'd all of the "jeans" at SCO in the hopes this belongs to one of them and they can let you know the correct "j

Re: them bugs ...

1999-12-01 Thread nobody
Geoff Thorpe <[EMAIL PROTECTED]> wrote: > great. BIO_nprintf? BIO_nprintf() wouldn't be of much use in itself, would it? Better to just fix BIO_printf so it handles unlimited length output the way printf() does. Fixing it right will mean including source for a printf() implementation, modified

Re: no-rsa

1999-12-01 Thread Bodo Moeller
On Wed, Dec 01, 1999 at 12:39:26PM -0800, Sean Walker wrote: >> Has anyone been able to compile using the "no-rsa" flag under Windows NT. I >> get 26 unresolved functions at link time. This appears to happen because >> there are functions in libeay32.def that are from files that are not >> compiled

Re: EVP_PKEY to RSA?

1999-12-01 Thread Dr Stephen Henson
Cory Winter wrote: > > Hi, > > Is there a way to convert an EVP_PKEY structure to an RSA structure? > With current releases you have to poke around the EVP_PKEY structure and pull out the RSA element if the type is right. The latest snapshot has an EVP_PKEY_rget_RSA() function that does this a

Re: interop with JCE-IAIK and OpenSSL?

1999-12-01 Thread Dr Stephen Henson
Cory Winter wrote: > > openssl pkcs8 -inform PEM -outform DER -in mykey.pem -out mykey.der -topk8 > - convert PEM cert to DER First thing to note: this will create a key encrypted with 56 bit DES which may be considered inadequate for some applications. > I then try to use these DER certs wit