Re: client continues after server fails

2001-04-24 Thread George Lind
I am "oring" these two constants together in my call to SSL_CTX_set_verify(). It still doesn't prevent the client from continuing. Do you have any other suggestions? Thanks, George George, On the server side, in your call to SSL_CTX_set_verify(), you have two choices if you want to ena

Memory leaks

2001-04-24 Thread Gustavo Badauy
Hi, I've created a program that connects to a https server and I've noticed some memory leaks. After a while I guessed it was on openSSL. I'm running OpenSSL 0.9.6 on a Windows 2000, Visual C++ 6.0 (SP5) Does anyone know why this is happening? Thanks a lot --- #include #include #include #i

Re: Smart Card Readers

2001-04-24 Thread Kenneth R. Robinette
Date sent: Tue, 24 Apr 2001 20:47:13 +0200 From: Jean-Marc Desperrier <[EMAIL PROTECTED]> Organization: Certplus To: [EMAIL PROTECTED] Subject:Re: Smart Card Readers Send reply to: [EMAIL PROTECTED] True about N

Re: Crypt::SSLeay compile/test problem

2001-04-24 Thread Joshua Chamas
Arin Komins wrote: > > Hi there, > > I'm trying to install Crypt::SSLeay on a Solaris 7 machine. > > When I get to the make test: > > PERL_DL_NONLAZY=1 /opt/bin/perl -Iblib/arch -Iblib/lib > -I/opt/pkgs/perl5-5.005_02/lib/5.00502/sun4-solaris > -I/opt/pkgs/perl5-5.005_02/lib/5.00502 -e 'use Te

Re: [Crypt::SSLeay] compile problems on HP-UX 10.20

2001-04-24 Thread Lutz Jaenicke
On Tue, Apr 24, 2001 at 02:05:17PM -0400, [EMAIL PROTECTED] wrote: > in the make step I am getting. > > ld: Invalid loader fixup for symbol "$002B0009". > *** Error exit code 1 This error indicates that you are trying to use an object file created for static l

Re: [Crypt::SSLeay]problems access https 128 bit

2001-04-24 Thread Joshua Chamas
[EMAIL PROTECTED] wrote: > > I've got a web client using LWP working quite well. > I've installed CryptSSLeay and Open SSL. > I'm getting SSL access to secure sites at 40 bit without problems. > I would like to connect to sites at 128 bit using the SSLv3 protocol. > In this case I'm getting an e

Re: Smart Card Readers

2001-04-24 Thread Jean-Marc Desperrier
"Kenneth R. Robinette" wrote: > But no problem, if you order one, and try it out, you will not have to worry > about the license. You will have given it to > your kids to play with way before a year is up. This said if you are successful in using the iButton with the pkcs#11, you can be confide

Re: openssl-0.9.6a

2001-04-24 Thread phil
On Tue, Apr 24, 2001 at 09:13:56AM +0200, Richard Levitte - VMS Whacker wrote: > ... > The way to build shared libraries has changed a bit. Exactly in what > way did it fail, and exactly how did you configure? > > Basically, you have to configure with the keyword "shared" as > argument, or share

Re: Newbie Q: using RSA for copy protection?

2001-04-24 Thread Dave Strout
Ok, that sort-of makes sense, I think. Still, does there exist a good guide or example for creating & verifying a certificate using the libcrypto out of the OpenSSL package? I think I'm getting tripped up in basics like data formats, etc that an example or tutorial would probably clear up.

Certificate Chain..

2001-04-24 Thread Aslam
Hi, I have got a DER encoded certificate chain, and I wanna enumerate each certificate in the given DER encoded certificate chain. So how do I do this using the X509 functions in OpenSSL? Any help would be much appreciated.. Thanks Aslam

[Crypt::SSLeay] compile problems on HP-UX 10.20

2001-04-24 Thread prtaylor
in the make step I am getting. ld: Invalid loader fixup for symbol "$002B0009". *** Error exit code 1 Stop. Any help would be appreciated. Thanks. - Rob

Re: Smart Card Readers

2001-04-24 Thread Kenneth R. Robinette
From: "Oliver Bode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject:Re: Smart Card Readers Date sent: Wed, 25 Apr 2001 03:07:45 +1000 Send reply to: [EMAIL PROTECTED] Oliver Your concern on the license has been answe

Re: Newbie Q: using RSA for copy protection?

2001-04-24 Thread Rich Salz
> I've been tasked with locking a piece of linux software to a given MAC > address, possibly with an expiration time. How about making the license be a cert, where the MAC address appears as the subject DN and the expiration time appears in the validity period? /r$ ___

Re: US export

2001-04-24 Thread Rich Salz
The US regulations used to require companies to have export and domestic versions. It is no longer necessary (although a review is required.) /r$ __ OpenSSL Project http://www.openssl.org U

Re: client continues after server fails

2001-04-24 Thread Greg Stark
George, On the server side, in your call to SSL_CTX_set_verify(), you have two choices if you want to enable client authentication: 1) SSL_VERIFY_PEER, and 2) SSL_VERIFY_FAIL_IF_NO_PEER_CERT. The first politely asks the client if it will please authenticate, but the handshake will succeed eve

Re: Sending client certificate

2001-04-24 Thread Lutz Jaenicke
On Tue, Apr 24, 2001 at 10:09:45AM -0700, Rob Aulwes wrote: > I've read through the email list and documentation to find out how to > set up the server side to request client certificates. What I haven't > found is what do I need to do on the client side to submit the client's > certificate.

Newbie Q: using RSA for copy protection?

2001-04-24 Thread Dave Strout
If this has been discussed (I didn't see it in the archives) then could someone direct me to the right place? I've been tasked with locking a piece of linux software to a given MAC address, possibly with an expiration time. My thought was to write a "license generator" which would take a date st

Sending client certificate

2001-04-24 Thread Rob Aulwes
Hi, I've read through the email list and documentation to find out how to set up the server side to request client certificates. What I haven't found is what do I need to do on the client side to submit the client's certificate. What APIs do I need to use to do this? Thanks, Rob __

installation error of perl module related to SSLeay.so

2001-04-24 Thread Sergio Faure
Hi, this is my problem: when I run 'make install' to install a perl module "Net_SSLeay.pm-1.05" I get this: ===cut here= # make install mkdir blib mkdir blib/lib mkdir blib/l

Re: Smart Card Readers

2001-04-24 Thread Oliver Bode
Hi Ken, After testing a few products and looking into this area in more detail I do think the IKey is the best value around. I'm still waiting to find out if the towitoko sign and crypt pack will do the job http://www.towitoko.com/deutsch/eng/prp.htm I will take your word for it on the ibutton.

US export

2001-04-24 Thread Rob D
Hi, netscape had two different versions of browser for US and non-US? IE seems like it doesn't have different versions for US and non-US. How does it differentiate whether it's running in US or outside? or does it differentiate at all? any help would be appreciated. Thanks, Dave __

Re: Smart Card Readers

2001-04-24 Thread Kenneth R. Robinette
From: "Oliver Bode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject:Re: Smart Card Readers Date sent: Wed, 25 Apr 2001 01:17:18 +1000 Send reply to: [EMAIL PROTECTED] Oliver You should forget that the Java iButton ev

Certificate from PKCS#7

2001-04-24 Thread Antonio Ruiz Martínez
Hello! I've got (received) a PKCS#7 signed and enveloped. How can I get the certificate from the signer? Thanks in advance, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Sp

client continues after server fails

2001-04-24 Thread George Lind
My server is doing client authentication. My client is also using verify peer. When the client attempts to connect it gets a certificate from the server and continues on. The server is not receiving a certificate from the client so it is failing. The client attempts to write to the server but

Re: Smart Card Readers

2001-04-24 Thread Oliver Bode
Hello Maxime, You can find out more about the pkcs11 standard here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/ When Smart Card manufacturers say their cards are PKCS11 compliant, correct me if I'm wrong, I take this to mean that the card is designed for x509 certificates and it has the ab

Re: Client authentication

2001-04-24 Thread Lutz Jaenicke
On Tue, Apr 24, 2001 at 03:41:58PM +0200, Peter Lindsäth wrote: > Well, now there seems to be a problem making an intermediate CA using the self signed > CA. > I've been trying some different approaches but I don't seem to get it right. The most > commonly proposed method, in the mail-archive, woul

Re: tracing SSL handshake?

2001-04-24 Thread Greg Stark
Also you might find the ssldump tool useful. Please see www.rtfm.com/ssldump. _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED] _ - Original Message - From: "Lutz Jaenicke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>

Re: Computing the PEM write size

2001-04-24 Thread Greg Stark
The memory BIO will grow itself as needed to hold data written into it. You do not need to size it in advance. _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED] _ - Original Message - From: "Hausermann Laurent" <[EMAI

Computing the PEM write size

2001-04-24 Thread Hausermann Laurent
Hi all, I am wanting to use the PEM_write_bio_PrivateKey function into a memory bio... I have to create a new BIO with sufficient memory space, but how can I know the size of the PEM data before calling the writing function? Thanks in advance. Laurent PS : I wanted to do that for communication

Re: Password only with CallBack Func ?

2001-04-24 Thread Hausermann Laurent
Excuse for my above silly question : you can specify a password in the call PEM_XX_READ ? Hausermann Laurent wrote: > Hi all, > > I am writing a JAVA Wrapper for OpenSSL , and I want to use the > PEM_read_foobar functions..The problem is I can't use callback function. > Is there any way in the A

Re: Client authentication

2001-04-24 Thread Peter Lindsäth
Lutz Jaenicke wrote: > On Tue, Apr 24, 2001 at 12:27:28PM +0200, Peter Lindsäth wrote: > > I have the following certificates: > > > > root.cert - self signed CA > > node1root.cert - issued by root > > node2root.cert - issued by root > > daemon.cert - issued by node1root > > client1.cert - issued

Re: Client authentication

2001-04-24 Thread Lutz Jaenicke
On Tue, Apr 24, 2001 at 12:27:28PM +0200, Peter Lindsäth wrote: > I have the following certificates: > > root.cert - self signed CA > node1root.cert - issued by root > node2root.cert - issued by root > daemon.cert - issued by node1root > client1.cert - issued by node2root > > I have an SSL serve

Re: MacOS X OpenSSL Compilation

2001-04-24 Thread Christoph Pfisterer
Matthew Watkins wrote: >I wonder if anyone can help me with a quick question. I've been >attempting to build OpenSSL on Mac OS X, and appear to have hit a >brick wall. Indeed, it is a brick wall. But if you remove some stones, it leaves a gap wide enough to slip through... :-) BTW, it was a c

Client authentication

2001-04-24 Thread Peter Lindsäth
Hi, I have the following certificates: root.cert - self signed CA node1root.cert - issued by root node2root.cert - issued by root daemon.cert - issued by node1root client1.cert - issued by node2root I have an SSL server which uses the daemon.cert and has root.cert and node1.cert in its certific

Re: Smart Card Readers

2001-04-24 Thread Maxime Dubois
Hi, How do you work with openssl and PKCS11 SmartCard readers? Can we export a PKCS11 certificate with the command line tool? I can only see a pkcs12 command. Thanks Regards Maxime DUBOIS __ OpenSSL Project

certificate validity

2001-04-24 Thread Shobhit_Khanna
I'm using openssl 09.5.a For making a new CA, I specify validity of 1000 days and I also want my certs to be valid, by default (i.e. if no end date is specified), to be valid for as long as the CA. For this I specified the following in openssl.cnf default_days = 1000 # how long to

Set Serial Number Option with OPENSSL REQ X509

2001-04-24 Thread Michael Kuehle
Hi there, Is there anybody out there who could solve the "set serial number option" problem with the "openssl req x509" command? What I like to do is to create a self-signed root cert with a supplied serial number (i.e. not the default 00). Is the option provided in the latest release or one

i need some help

2001-04-24 Thread Kalpesh Gandhi
Hello users, I have already installed OpenSSL and now what should I do for the functional apache with ssl support. Regards, Kalpesh

Re: certificate validity

2001-04-24 Thread Ferdinando Ricchiuti
There are 2 ways. 1) Write a script that sets up the correct values and then passes them to the command line 2) Patch the ca command I've chosen the last one. I sent the patch on this list some weeks ago. Search for "Useful CA patch" subject in the archive. [EMAIL