This code is used to calculate an offset from UTC:
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')
offset= -offset;
which, unless I'm losing it, calculates the offset in
ben which, unless I'm losing it, calculates the offset in minutes. But it
ben should be in seconds, so the line below:
ben
benX509_gmtime_adj(atm,-offset);
ben
ben should be:
ben
benX509_gmtime_adj(atm,-offset*60);
ben
ben no?
Looks like you're quite right.
--
Richard Levitte \
Hi all,
I have a problem while writing a PERL module. When I want to issue an
openssl command (that requires input) the following code (which works
in common PERL programs) does not pass the required input to openssl
so it waits for user input:
open(FD, "|$command" ) || return;
madwolf I have a problem while writing a PERL module. When I want to issue an
madwolf openssl command (that requires input) the following code (which works
madwolf in common PERL programs) does not pass the required input to openssl
madwolf so it waits for user input:
madwolf
madwolf
Richard Levitte - VMS Whacker wrote:
What's wrong is that you assume OpenSSL takes password input from
standard input. This is not the case. Instead, a separate handle to
the TTY is opened, and that is used as password input. Under Unix,
the file used is "/dev/tty". Under DOS, it's
Is there any circumstances where the environment isn't safe?
I thought it was readily available on all BSD-derived Unices. viz:
haggis 71 uname ; who ; echo i am `who am i` ; ps -wwe -tp1
BSD/OS
salzrttyp0 Feb 10 14:58 (camstig)
bowe ttyp1 Feb 7 08:36 (taco)
i
drh Most utilities? I thought all the ones where it was useful were
drh covered. Have I missed one?
I don't think enc has it... At least I couldn't find it when I looked
20 minutes ago...
drh Is there any circumstances where the environment isn't safe? I believe
drh extra privs are normally
Dr Stephen Henson [EMAIL PROTECTED] writes:
Is there any circumstances where the environment isn't safe? I believe extra
privs are normally needed to read another users processes environment.
Under DEC Unixen you can read anyone's environment without any extra privs
(ps -wwae or a variant
Dr Stephen Henson wrote:
Is there any circumstances where the environment isn't safe? I believe
extra privs are normally needed to read another users processes
environment.
ps on Linux shows environments, but not being a Linux expert, I couldn't
say how that access is controlled.
Cheers,
Without user input you have a problem if your OS doesn't provide a
random device.
There is librand, a random number package based on event interval
variations, from Matt Blaze, Jack Lacy, and Don Mitchell available at:
ftp://ftp.research.att.com/dist/mab/librand.shar
Nicolas Roumiantzeff.
Is there any circumstances where the environment isn't safe? I believe
extra privs are normally needed to read another users processes
environment.
Yes, some oses dump core that is world readable and has env info
in the core file.
Mike
Enclosed is a sample of a module that I am working on, hope
this helps...
Hopefully outlook wont kill it. It is not meant to necessarily
portable to other platforms, but just an example and hopefully
some input.
Mike
-Original Message-
From: Richard Levitte - VMS Whacker
-BEGIN PGP SIGNED MESSAGE-
ApacheModuleSSL.dll is installed under the module
directory. When i run apache.exe -l to list the
compiled in modules I get this output,
Thats okay to this point.
Should i be specifiying the ApacheModuleSSL.dll
in LoadModule in httpd.conf ? is it
OK. I'm convinced environment isn't always safe. I'll redo the options
to allow several choices.
I.e.
1. Command line.
2. Environment.
3. Standard input.
Any other suggestions e.g from a file or fd?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email:
Richard Levitte - VMS Whacker [EMAIL PROTECTED]:
[...]
I would trust passwords passed over stdin before anything passed in
the command line or environment, any time. Not that stdin is perfect
either, mind you, but still...
Environment variables must usually be considered public. PGP
Erik Aronesty [EMAIL PROTECTED]:
I have an app working very well... *except* i now want (need?) to
accurately determine if it's "ok to write" (will not block) or "ok to
read". Without SSL, I could do this with a select().. however a
select() is clearly not correct when using SSL.
Set the
Remo Inverardi [EMAIL PROTECTED]:
I'm using OpenSSL 0.9.4, compiled with Visual C++ 6.0 on a Windows
[...] I've got the buffer overflows and some leeks.
I have found some memory leaks since, but what I thought were buffer
overflows turned out to be harmless because the dangerously-looking
SalzR I thought it was readily available on all BSD-derived Unices. viz:
SalzR haggis 71 uname ; who ; echo i am `who am i` ; ps -wwe -tp1
SalzR BSD/OS
SalzR salzrttyp0 Feb 10 14:58 (camstig)
SalzR bowe ttyp1 Feb 7 08:36 (taco)
SalzR i am salzr ttyp0 Feb 10 14:58
Thanks to all who sent me their help. I found it very singular that using inside
a cgi script the code works... :-D I will investigate deeply ... (If I have time
to ... )
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
On Fri, Feb 11, 2000 at 01:04:09PM -0800, vijay karthik wrote:
...
I ran the command,
openssl verify mycertificatename
...
error 20 at 0 depth lookup:unable to get local issuer
certificate
Seems this one goes to "top 10 of FAQ"
Any idea on what the problem could be ?
Trusted self-sined
From: Dr Stephen Henson [EMAIL PROTECTED]
drh 1. Command line.
drh 2. Environment.
drh 3. Standard input.
drh
drh Any other suggestions e.g from a file or fd?
Hmm. There's no need to have the password in a file, that can as well
be piped in ('cat passwdfile | openssl x509 -passstdin ...' to
From: [EMAIL PROTECTED] (Bodo Moeller)
bmoeller PGP evaluates a PGPPASSFD
That was the name!
bmoeller environment variable and reads from the named file
bmoeller descriptor; with this approach, you don't have to send
bmoeller passwords and actual data through the same pipe.
Good point. I
Richard Levitte - VMS Whacker wrote:
Hmm. There's no need to have the password in a file, that can as well
be piped in ('cat passwdfile | openssl x509 -passstdin ...' to take a
Unixly example, and yes, there's a way to do that on VMS as well).
Yes but there's windoze to consider as
From: Dr Stephen Henson [EMAIL PROTECTED]
drh Richard Levitte - VMS Whacker wrote:
drh
drh
drh Hmm. There's no need to have the password in a file, that can as well
drh be piped in ('cat passwdfile | openssl x509 -passstdin ...' to take a
drh Unixly example, and yes, there's a way to do
drh Richard Levitte - VMS Whacker wrote:
drh
drh
drh Hmm. There's no need to have the password in a file, that can as well
drh be piped in ('cat passwdfile | openssl x509 -passstdin ...' to take a
drh Unixly example, and yes, there's a way to do that on VMS as well).
drh
drh Yes
Hi !
I am trying to run apache+modssl+openssl+bsafe on NT.
I was able to build the openssl libraries
and Apache.exe(with ssl module:mod_ssl)
I ran the binary "Apache.exe" and i see the apache
server listening on normal port(8080).(I see no
error message while startup) But i dont see
the
The httpd.conf was taken from unix and
Ifdefine SSL was failing hence the
modules were not getting loaded.
I removed the IfDefine from httpd.conf.
(thats the reason we give -DSSL in commandline
to start httpd on Unix ?)
Now the apache with modssl/openssl is running
when i start apache.exe.
Eventhough the openssl complains for the
certificate, it doesnt seem to to mean
much. Because i tried the same certificate on
my Unix installation(same setup:apache/modssl/bsafe)
it worked very fine. And still the openssl
tool on unix complained. probably the error
shown by the tool is not
This is what i found out...
Once i start the apache.exe from commandline,
it asks for the passphrase for the private key.
I enter it and it says the server has started.
But it seems like it is not started. I had put
logtype=debug in httpd.conf and followed the trace
in the ssl_error_log. The
Hi !
The apache server is working with the
dummy certs but not the verisign cert.
I ran the command,
openssl verify mycertificatename
i got the following error
verisign.crt:
/C=US/ST=california/L=location/O=xyzInc/OU=test/CN=Mypc
.xyz.com
error 20 at 0 depth lookup:unable to get local issuer
30 matches
Mail list logo
