On Sat, Dec 02, 2000 at 12:05:46PM +, Ben Laurie wrote:
Bodo Moeller wrote:
Peter Gutmann [EMAIL PROTECTED]:
Mats Nilsson [EMAIL PROTECTED]:
Should a self-signed root certificate ever need to be revoked, shall it list
itself in its usual CRL(s), as the last thing it does before it is
Ben Laurie [EMAIL PROTECTED] wrote:
Eh? Surely if a cert revokes itself then one of two things has happened:
a) The legitimate owner revoked it
b) Someone else got hold of the private key and revoked it
in either case, you want the cert to be revoked, right?
In case b, nothing would stop the
Alex Cosic wrote:
Hi,
My question is on how to connect JSSE
(java based client) with openssl based web
engine server.
I have tried so far and what I have
got is that I could not create SSL socket with my
openssl server, which works fine with
my openssl client (even when I used JNI
approach to
Hi all,
Please help me. My problems are as follows:
1. I have generated key pair in Netscape (at client side) and then subsequently I have
created Certificate (at server side) using -SPKAC option of "ca" command, i.e. signing
the request with root private key. This works fine. My problem is how
"Tridib, Mumbai" wrote:
3. If I have a crypto API which can generate a hash of a data and then sign it using
the private key of the certificate, then is it possible to output a PKCS#7
signed-object? If yes, how can it be done?
Technically talking, yes, but only pkcs#7 _without_ any signed
Jeffrey Altman wrote:
From the GNUTLS site:
"You should view this as an alternative implementation of OpenSSL
(actually GNUTLS is closer to Eric Young's SSLEAY rather than
OpenSSL)."
What does this mean?
Great news for everyone who writes GPL code that needs crypto.
When the FSF
"Tridib, Mumbai" wrote:
My problem is how can I generate the key pair in IE
[..]
Has any one done this?
Use the force and read the source: http://www.pyca.de
Ciao, Michael.
__
OpenSSL Project
Hi all,
we are using OpenSSL with smart card. We made hard intervention into OpenSSL
code that enables use of a smart card as a key file.
When I use RSA key in file I use standard file, if I want use card, I use
special file with some setting in this file.
I simply call PEM_read_bio_RSAPrivateKey()
I am trying to create a pkcs7-formatted certificate. This is for
an IPsec user. In the IPsec world, even in the year 2000, we are
having silly interoperability battles over raw vs. PEM vs.
pkcs7 certificate formats.
I tried using 'openssl pkcs7 -inform DER -in cert7.p7c -print_certs'
with the
At 09:08 AM 12/4/00 -0800, Rodney wrote:
p.s. all those layers and layers and layers of macros makes it
hard to walk through this code.
Amen to that!
If I didn't have Visual SlickEdit I'd be tearing my hair out.
It's still difficult to manually trace through the function
pointers though.
Rodney Thayer wrote:
I am trying to create a pkcs7-formatted certificate. This is for
an IPsec user. In the IPsec world, even in the year 2000, we are
having silly interoperability battles over raw vs. PEM vs.
pkcs7 certificate formats.
I tried using 'openssl pkcs7 -inform DER -in
I can imagine a scenario whereby an organization might choose to sign a
death notice before going out of business. For example, suppose a
commercial CA decided to go out of business, there might be benefits to
their signing a CRL including their root certificate.
Frank
-Original
Mats Nilsson wrote:
Goetz Babin-Ebell [EMAIL PROTECTED] wrote:
You can generate a new root certificate and use it to
sign the new CRL which lists the old root certificate as revoked...
I'm not sure one should recognize the new root ca to be a legitimate
revoker of the original certificate.
Frank Balluffi wrote:
I can imagine a scenario whereby an organization might choose to sign a
death notice before going out of business. For example, suppose a
commercial CA decided to go out of business, there might be benefits to
their signing a CRL including their root certificate.
The
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
Everybody can issue a CRL.
Only a CA with CRL signing enabled can issue a CRL.
A CA can issue a CRL with its own revoked certificates but it can issue a CRL
with revoked certificates of other CAs (at least in X509v3...)
A CA can't revoke another CA's
Yes. RFC 2459 (and X.509) call this an indirect CRL. See the issuing
distribution point CRL extension and the certificate issuer CRL entry
extension.
Frank
-Original Message-
From: Rich Salz [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 3:27 PM
To: [EMAIL PROTECTED]
Peter Gutmann wrote:
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
Everybody can issue a CRL.
Only a CA with CRL signing enabled can issue a CRL.
Everybody who can generate a certificate with the proper flags
can generate a CRL.
But he has to find a way to let the user trust him in
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
Everybody can issue a CRL.
Only a CA with CRL signing enabled can issue a CRL.
Everybody who can generate a certificate with the proper flags can generate a
CRL.
Sure, but this
Hi, would you please talk more about the crypto object
in the Netscape JavaScript? I want a detailed reference of it.
As to IE, I have collected the answer from this mailing list a long time ago,
I would like to share it again. And I still wonder what other function
the xenroll object(or other object)
On Mon, Dec 04, 2000 at 06:12:02PM +0100, [EMAIL PROTECTED] wrote:
I haven't yet changed the comments that describe bn_mul_recursive()
and bn_mul_part_recursive().
Don't forget the bn_internal manpage, please.
void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-