Your fortune of the week
Title: : Your Weekly Fortune is Here. : 12ji.com : FREE Weekly Fortune Delivery NEW Oriental Philosophy Service SIMPLE EASY Registration To learn more about 12ji, please visit 12ji.com 12ji.com Management Team Email: [EMAIL PROTECTED] Click here if you prefer not to receive future email from 12ji.com. Copyright 2001 Interwiz. All rights reserved.
Re: load_verify_locations(ctx,NULL,path) failed.
It is indeed. The reason load_verify_locations(ctx, 0, caPath) isn't working as expected, is because that method places requirements on how the certificate files in there are named. When you run load_verify_locations(ctx, caFile, 0), all certificates are in caFile are loadad and added to your ctx immediately. No surprises there. Load_verify_locations(ctx, 0, caPath) on the other hand, just provides the ctx with a path from which to look up certificates on demand. No certificates are actually loaded into the ctx just by running this. Now, once your ctx needs to look up a certificate, in the case of the caPath call above, OpenSSL hashes the subject name of the certificate to look up and appends .0 to that hash to generate a filename. It then attempts to open this file in caPath and add the contents to the ctx. So just having a file called file.pem in caPath isn't going to work, unfortunately, as OpenSSL will not be able to locate it. Please see my post yesterday for a quick run-down on how to rename your certificate without the c_rehash utility. Regards, //oscar Glenn wrote: Thanks for all the reply. One point to note is that my path contain only one file/cert, say file.pem. And I have verified that this cert works, using: _load_verify_locations(ctx,c:\\path\\file.pem,NULL). However, _(ctx,NULL,c:\\path\\) does not work. Do you think it is the rehash problem that you are discussing? __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
REMOVE
REMOVE --- http://www.freemail.gr - äùñåÜí õðçñåóßá çëåêôñïíéêïý ôá÷õäñïìåßïõ. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
REMOVE
REMOVE --- http://www.freemail.gr - äùñåÜí õðçñåóßá çëåêôñïíéêïý ôá÷õäñïìåßïõ. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: REMOVE
REMOVE __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Remove
Remove
wrong return value in EVP_SealInit()??
Hi again. EVP_SealInit() returns 0 when an error occurs (that's what the man page says :)). Then... why it returns a 0 value when npubk==0?? This is not necessary wrong. For example, when i set RC4's key length. EVP_OpenInit() returns 1 if the private key is NULL... this is what's expected. Thanks in advance :) __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
CertificateExtensions (id-ce) definition problem
Title: CertificateExtensions (id-ce) definition problem Let me preface all of this with I think I have this right... The 0.9.6b distribution contains the following in Objects.h: (~line 455) #define SN_ld_ce ld-ce #define NID_ld_ce 81 #define OBJ_ld_ce 2L,5L,29L If you recreate the obj_dat.h file using the perl script (perl obj_dat.pl objects.h obj_dat.h), you end up with: obj_dat.h:340: `NID_ld_ce' undeclared here (not in a function) obj_dat.h:340: initializer element for `nid_objs[81].nid' is not constant that's because obj_mac.num defines it as id_ce. The obj_dat.h included with the distribution contains it correctly (id_ce). Objects.h should be corrected to read: #define SN_id_ce id-ce #define NID_id_ce 81 #define OBJ_id_ce 2L,5L,29L Matt Cooper CygnaCom Solutions Manager, Cryptographic Software Development Phone: 703.270.3517 Entrust Fax: 703.848.0960 Securing the Internet
check root CA
Hi, I'm newby, so I hope not to bother you with some stupid question or misunderstud concepts. I have been reading information of how to verify server certificate signed by a root CA in a client. Form what I read, I have to check the server certificate signature with the public key certificate from the root CA. Does anyone know the steps to do this? Any comment and this topic will be greatful. Thanks in advance. Julio Visite http://www.bancorio.com.ar y tenga el Banco al alcance de su mano. NOTA DE CONFIDENCIALIDAD / CONFIDENTIALITY NOTE Este mensaje (y sus anexos) es confidencial y puede contener informacion (i) de propiedad exclusiva de Banco Rio de la Plata S.A. sus afiliadas o subsidiarias; o (ii) amparada por el secreto profesional. Si usted ha recibido este fax o e-mail por error, por favor comuniquelo inmediatamente via fax o e-mail y tenga la amabilidad de destruirlo; no debera copiar el mensaje ni divulgar su contenido a ninguna persona. Muchas gracias. This message (including attachments) is confidential. It may also contain information that (i) is exclusively property of Banco Rio de la Plata S.A. or its affiliates or subsidiaries; or (ii) is privileged or otherwise legally exempt from disclosure. If you have received it by mistake please let us know by fax or e-mail immediately and destroy or delete it from your files or system; you should also not copy the message nor disclose its contents to anyone. Thank you. ** __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
error on doing ./CA.pl -signreq
Hi, I am just starting on my thesis which involves ssh and ssl usage. I was running the CA.pl script. I created a new CA, and then i created certificate sign request and finally when I did ./Ca.pl -signreq, it gave me the following error CA.pl -newca -worked CA.pl -newreq -worked CA.pl -signreq -gave error The error i got is this: Using configuration from usr/share/ssl/openssl.conf unable to load CA private key 5514:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: ANY PRIVATE KEY Signed Certificate is in newcert.pem any help will be appreciated. regards Yasir __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]