Regarding CAST, see http://www.ietf.org/ietf/IPR//CAST-128-entrust. BTW, section 8 of
RFC 3280 points to http://www.ietf.org/ipr.html.
Frank
Markus Moeller and I have made SPNEGO C APIs and Apache modules available at
https://sourceforge.net/projects/modgssapache/. The project contains three
packages:
fbopenssl
mod_spnego
modgssapache
fbopenssl (for lack of a better name) is a library of extensions to OpenSSL,
including APIs for
-0400, Frank Balluffi wrote:
I need to call libcrypto from a .so file on Solaris using gcc.
When I build 0.9.7b as shared objects with the following commands:
./config no-rc5 shared
make depend
make
Did you unpack from sratch or may there be components left from a previous
build?
Your
Nothing.
Frank
[EMAIL PROTECTED]
I need to call libcrypto from a .so file on Solaris using gcc.
When I build 0.9.7b as shared objects with the following commands:
./config no-rc5 shared
make depend
make
I get the following errors:
+ gcc -shared -G -dy -z text -o libcrypto.so.0.9.7 -h libcrypto.so.0.9.7 -Wl,-z,
allextract
Fernando,
I think all user-defined tags in a CHOICE (e.g., [0]) are EXPLICIT -- I could be wrong
and don't have time to check right now (it's been a while ...).
So I think you want:
ASN1_EXP(Seq1, value.field2,Sub_seq200, 0)
Frank
On Thu, Jun 26, 2003, Frank Balluffi wrote:
Fernando,
I think all user-defined tags in a CHOICE (e.g., [0]) are EXPLICIT -- I could
PEM_ASN1_write_bio calls RAND_pseudo_bytes to generate iv, skipping the message
digesting process described in section 6.1 of PKCS #5, which EVP_BytesToKey optionally
supports.
Should PEM_ASN1_write_bio be modified to get its iv via EVP_BytesToKey's last
argument? Thanks.
Frank
--
This
Message History
From: Frank Balluffi [EMAIL PROTECTED]@openssl.org on 05/31/2002
03:14 PM AST
Please respond to [EMAIL PROTECTED]
DELEGATED - Sent by:[EMAIL PROTECTED]
To:[EMAIL PROTECTED]
cc:
Subject
I have not been following this thread closely. So the following point, which
is based on my experience using ATT CryptoLib, RSA BSAFE and OpenSSL, may
or may not have been made or be relevant.
Some big integer libraries ignore the most-significant bit [of the first
octet] of a (big) integer
Richard Levitte said:
OK, I'm starting to prepare myself for a major haulover of the way
OpenSSL is built on Windows with VC++.
...
1. Making the whole build thing to work a little more like it does on
Unix.
Because it is possible to build .dsp files from both the command line and
Amodhini,
Try calling SSLeay_add_all_algorithms at the top of main.
Frank
-Original Message-
From: Amodhini U [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 6:06 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RSA-signing a previously-digested message
I see that the UNIX version of RAND_poll uses /dev/urandom by default (see
the definition of DEVRANDOM in e_os.h and its use in rand_win.c).
Can someone explain to me the difference between /dev/random and
/dev/urandom or point me to a reference. I am particularly interested in
when each blocks
Oops! I meant to ask is detached shorthand for content not present?
Frank
-Original Message-
From: Frank Balluffi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 30, 2001 9:37 PM
To: '[EMAIL PROTECTED]'
Subject: PKCS7's detached
What is the meaning of PKCS7's detached
I can imagine a scenario whereby an organization might choose to sign a
death notice before going out of business. For example, suppose a
commercial CA decided to go out of business, there might be benefits to
their signing a CRL including their root certificate.
Frank
-Original
Yes. RFC 2459 (and X.509) call this an indirect CRL. See the issuing
distribution point CRL extension and the certificate issuer CRL entry
extension.
Frank
-Original Message-
From: Rich Salz [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 3:27 PM
To: [EMAIL PROTECTED]
Steve Henson said:
BOOLEAN is an evil thing for the ASN1 code. Its declared as an 'int'.
Every other type is declared as a pointer which is allocated as
required: if it is NULL then the field is omitted (I'll be adding a
check to see if thats allowed at some point: i.e. only if the type is
I am confused about how to check a key usage extension. I see that ca_check
"calls" ku_reject, which uses the X509 ex_flags element.
Is it necessary to use the ku_reject method or is it possible to call
d2i_ASN1_BIT_STRING (to decode the KeyUsage BIT STRING) and then
ASN1_BIT_STRING_get_bit to
I am unable to decode an authority key identifier extension containing a
directory name choice in a Microsoft-Certificate-Server-generated
certificate using OpenSSL's d2i_AUTHORITY_KEYID when d2i_GENERAL_NAMES is
asked to expect the class universal (i.e., V_ASN1_UNIVERSAL):
contain the extension's AuthorityKeyIdentifier value,
not the entire extension. Thanks.
Frank
-Original Message-
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 03, 2000 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: d2i_GENERAL_NAMES
Frank Balluffi wrote
Steve,
Thanks. It sounds like I need to go back and do the rest of my homework.
Sorry for the trouble.
Frank
-Original Message-
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 03, 2000 2:21 PM
To: [EMAIL PROTECTED]
Subject: Re: d2i_GENERAL_NAMES
Frank
Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 25, 2000 11:42 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Objects and a configuration file
From: Frank Balluffi [EMAIL PROTECTED]
frankb 1. I can see lots of value in using a file (that maps an
fra
My experience has been that you need to consult each standard separately.
RFC 2459 is good in that it includes object identifiers from a bunch of
standards, including the PKCS standards, and the X.5 standards (e.g., X.509
and X.520).
Frank
-Original Message-
From: Richard Levitte -
A few thoughts:
1. I can see lots of value in using a file (that maps an object identifier's
numeric representation to and from its string representation) when decoding.
I can't see much use when encoding. Perhaps someone else can?
2. When possible, use an existing standard. RFC 2253's oid =
Steve,
If the decoder possesses meta data, it would be nice for the decoder to
report the location and cause of errors. For example, if the third
extension in a certificate contained the illegal object identifier value
1.9.3.4, the decoder could report the equivalent of something like:
Paolo,
I am
not sure I understand your problem, but you may need to load the ciphers. Did
youload the ciphers programmatically (e.g., by calling
SSLeay_add_all_algorithms)?
Frank
-Original Message-From: Montini Paolo
[mailto:[EMAIL PROTECTED]]Sent: Friday, August 25, 2000
Peter,
It is my understanding that an i2d function should return the length of the
identifier, length and content octets, and that in the case described below
i2d_ASN1_OBJECT did not. That's all.
Based on Steve's message (which I read after sending my message), this has
been fixed.
Frank
27 matches
Mail list logo