[EMAIL PROTECTED] wrote:
Hi,
I'm sorry if this is the wrong place to ask this. If it is
could someone kindly redirect me to the correct place? I am new to
this...
I am working on a client side application that needs to have
an SSL layer to connect to a server. I need to
In my opinion a threaded model has three advantages:
- Takes advantage of multiple processors if you're doing, say, software RSA.
- Often simplifies the code.
- Works, with small overhead, for hardware accelerated RSA as well.
(I guess this is exactly what you are saying, Bodo. Just wanted to
Rich Salz wrote:
Sorry, you're right. The cert-sign is okay, but the crl-sign cert
which is signed by cert-sign fails to verify the sig. We'd normally
suspect the CA that generated the certs, but (1) it verifies when we
use our hardware crypto; (2) it's not our CA. :)
So, we do believe
Rich Salz wrote:
Has anyone added a "-verify XXX" flag to the CRL command?
The XXX would be the file containing the CA cert.
Doesn't look too hard, given X509_PUBKEY_get and X509_CRL_verify
Good idea. It can check the issuer name of the supplied certificate too.
I'll add it when I have
Rich Salz wrote:
Sorry, you're right. The cert-sign is okay, but the crl-sign cert
which is signed by cert-sign fails to verify the sig. We'd normally
suspect the CA that generated the certs, but (1) it verifies when we
use our hardware crypto; (2) it's not our CA. :)
So, we do believe
It seems to be that this behaviour is implied by the extensions: that is
both certificates have the same subject and issuer names and they match
each other: crl-sign however doesn't have permission to sign
certificates but cert-sign does. Presumably this is intended to mean
that you use the
Okay, as a first step toward getting my Mac changes into OpenSSL, here
are the diffs I've made wrt a clean 0.9.4 install.
Next, I'm packaging up some notes and code for Mac people who are
interested in using OpenSSL. Is there an FTP drop box I can place these?
It'll be a little large for
Hi,
I do not understand very well your question.
To generate a certificate request (the client) use: openssl req -newkey
rsa:1024
To sign it and gen the cert. use: openssl ca .
I guess I don't understand this very well, sorry...
On the client side ssl do I need a key pair for a
Salz, Rich wrote:
A bit odd but it makes sense I suppose: I wouldn't like to
guess as to which software will handle this properly though.
Yes, that is exactly what is going on.
It is *VERY* odd -- I'd argue it's broken.
I'd argue it's broken too. At the very least I'd expect some other
Len wrote:
Hi,
I do not understand very well your question.
To generate a certificate request (the client) use: openssl req -newkey
rsa:1024
To sign it and gen the cert. use: openssl ca .
I guess I don't understand this very well, sorry...
On the client side ssl do I
However when a CA rekeys you'd expect some indicator of the new key
used, not just: "try everything you've got and see what happens".
You're more optimistic than I.
__
OpenSSL Project
Hi,
Writing to get your input on a problem I just ran into.
I am in the process of porting all the apps/*.c to target
in order to get the whole 'openssl' program running
on OSE RTOS on a powerpc.
The problem is that the programs use global variables
and do not bother to clear them and the
Thanks, that helps.
len
Len wrote:
Hi,
I do not understand very well your question.
To generate a certificate request (the client) use: openssl req -newkey
rsa:1024
To sign it and gen the cert. use: openssl ca .
I guess I don't understand this very well,
On 09/02/99, Per Nilsson said:
In my opinion a threaded model has three advantages:
- Takes advantage of multiple processors if you're doing, say, software RSA.
- Often simplifies the code.
- Works, with small overhead, for hardware accelerated RSA as well.
The use of hardware largely preempts
On 09/01/99, Bodo Moeller said:
One reason for doing things that way (threads instead of multiplexing
in a single thread) is that public-key operations in software
introduce quite a bit of latency, and you don't want all other
connections to stall when there's a handshake at one of them. So
Mark Carey-Smith [EMAIL PROTECTED]:
I'm currently trying to build an openssl 0.9.4 distribution which fails on
the make install step after the previous steps all work correctly.
./configure --prefix=/citec/openssl-0.9.4
./make
./make test
./make install
make install output:
[...]
***
Chris Zimman [EMAIL PROTECTED]:
Bodo Moeller:
[...] maybe in an ideal world it'd be possible to request that slow
software bignum operations be "non-blocking" too in the sense that
after doing some of their work they'd return control to the
top-level, which then can handle other threads and
Lennart Bång [EMAIL PROTECTED]:
I am in the process of porting all the apps/*.c to target
in order to get the whole 'openssl' program running
on OSE RTOS on a powerpc.
The problem is that the programs use global variables
and do not bother to clear them and the simple
shell I am using
Threading would be acceptable if the library created its own threads
(#define OPENSSL_MAX_THREADS); threading would then be transparent. But
if the application has to be threaded to use the library, this would
make the library very difficult to use (and think of the traffic on this
list!).
Most probably.
What exactly is printed out when asking for the key (i.e. for
which particular VHost)?
Furthermore you should use the correct list:
Elise Berger schrieb:
Upon bootup, the Apache server prompts for the encrypted key passphrase
twice, instead of once. The first prompt, I
Hi Massimiliano,
and you should be set, just try the program and please report bugs/enhancements
you might want to add.
I tried your patch today, it compiled smoothly. It also works :) You've
made me a happy man :)
The keysize is exactly what I was looking for, but there are two things I