I do not know if this is the correct place to post this, but the only
error message I see is OpenSSL errors in apache's output.
here goes...
[Fri Apr 27 18:06:19 2001] [error] mod_ssl: SSL handshake failed (server
www.hidden.com:443, client hidden) (OpenSSL library error
follows)
[Fri Apr 27 18
A related question:
if I have a hardware random number generator and i use it instead of
/dev/urandom, is it likely to improve performance at all?
how much will it help?
thanks,
vijo.
On Fri, 27 Apr 2001, you wrote:
> On Fri, Apr 27, 2001 at 11:33:25AM -0700, Crosland, Jerel (Contract) wrote
Achtung, die von Ihnen versandte Mail enthaelt entweder
einen Computer Virus oder mindestens eine beigefuegte Datei des Typs
BAT, CHM, CMD, COM, CPL, EXE, HLP, INF, INS, ISP, JAR, JS, JSE, LNK, MDB, MDE,
MSC, MSI, MSP, MST, OCX, PIF, PL, REG, SCR, SCT, SHB, SHS, VB, VBE, VBS, WSC,
WSF, WSH
und wur
On Fri, Apr 27, 2001 at 11:33:25AM -0700, Crosland, Jerel (Contract) wrote:
> I'd like to use the http://ocotillo.sourceforge.net";>Ocotillo
> PRNG with OpenSSL, but it is failing when I do the "make test" in the
> "randtest" module. Ocotillo creates a named pipe at /dev/urandom but if
> OpenSSL i
From: "Bryan" <[EMAIL PROTECTED]>
bryan> Its always nice to hear your not the only one. I had this same problem
bryan> building 0.9.6a on OpenVMS 7.2 on a VAX w/ Multinet 4.3. To get it to stop
bryan> I had to edit [.CRYPTO.MD5]MD5_DGST.C to comment out this line:
bryan> const char *MD5_ver
From: William Hamish Bell <[EMAIL PROTECTED]>
wbell> %LINK-E-OUTSIMG, attempted store location %X000504E0 is outside image
wbell> binary (%X
wbell> to %X)
wbell> in psect MD5_VERSION module MD5_DGST file
wbell> $1$DKB300:[CDF.BELL.OPENSSL-0_9_6.VAX.EXE.CRYPTO]LIBCRYPTO.OL
> Michael wrote:
> >
> > > hi,
> > >
> > > i'd like to know how to do GET / POST requests over HTTPS.
> > >
> > > there's some demos/bio example,
> > > but doesn't compile on Linux.
> > >
> > perl+ Net::SSLeay
> >
>
> My mistake. I guess I'm tired. I thought you were an internal
> Michael. S
Its always nice to hear your not the only one. I had this same problem
building 0.9.6a on OpenVMS 7.2 on a VAX w/ Multinet 4.3. To get it to stop
I had to edit [.CRYPTO.MD5]MD5_DGST.C to comment out this line:
const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
I don't think it is a good a
Hi,
I tried to build version 0.9.6 on an OpenVMS Alpha Operating System,
Version V7.1.
Having unpacked the openssl 0.9.6 tar ball. I tried to build the package
in stages.
@MAKEVMS OPTION NORSAREF NODEBUG
config, buildinf, and softlink stages all went well.
The crypto library successfully bui
Michael wrote:
>
> > hi,
> >
> > i'd like to know how to do GET / POST requests over HTTPS.
> >
> > there's some demos/bio example,
> > but doesn't compile on Linux.
> >
> perl+ Net::SSLeay
>
> [EMAIL PROTECTED]
> __
> OpenSSL P
First post here, please cut me some slack. I'm doing some research on SSL
and was looking for some help in regards to a question that might seem a
bit obvious. I'm trying to locate the algorithms in openssl causing the
largest bottlenecks (i.e. decryption of pre_master_secret).
I'd greatly appre
Michael wrote:
>
> > hi,
> >
> > i'd like to know how to do GET / POST requests over HTTPS.
> >
> > there's some demos/bio example,
> > but doesn't compile on Linux.
> >
> perl+ Net::SSLeay
I'm not sure I understand your question. Examples of doing this in my
application are in the files HTTPin
> hi,
>
> i'd like to know how to do GET / POST requests over HTTPS.
>
> there's some demos/bio example,
> but doesn't compile on Linux.
>
perl+ Net::SSLeay
[EMAIL PROTECTED]
__
OpenSSL Project
Has anyone had any experience with OpenSSL in an embedded environment? I'm
trying to trim libcrypto.a and libssl.a down to a reasonable size for an
embedded project. I've turned off all but the few ciphers that I need, and
that only trimmed off about 200kB. (The ciphers that I kept are des, rsa
I'd like to use the http://ocotillo.sourceforge.net";>Ocotillo
PRNG with OpenSSL, but it is failing when I do the "make test" in the
"randtest" module. Ocotillo creates a named pipe at /dev/urandom but if
OpenSSL is treating it like a character device it may not work correctly.
I'm out of my depth
- Original Message -
From: "Francis DeLaMaza" <[EMAIL PROTECTED]>
> BTW, what is AES?
- Original Message -
From: "Francis DeLaMaza" <[EMAIL PROTECTED]>
> Any disadvantages to AES? Who is
> developing it? Opensource?
AES is the soon to be government standard titled "Advanced Enc
Hi,
No I'm looking for some the docs of pkcs#7 functions exported by openssl.
Thanks any way..
Aslam
-Original Message-
From: Oliver Bode [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 12:30 PM
To: [EMAIL PROTECTED]
Subject: Re: PKCS#7 support in openssl-0.9.6a
Aslam,
Is t
Hello Maxime,
With MS You can do it using xenroll.dll and with Netscape you use keygen to
generate keys on the card.
In MS you have to get a list of available CSP's also using xenroll, and then
user just has to choose the right csp and then they press enter and the card
does the rest. It's a ver
On Tue, Feb 27, 2001 at 12:05:36PM +0100, [EMAIL PROTECTED] wrote:
> wwwlib examples don't work with https, all i found was this:
> http://www.w3.org/Library/src/SSL/WWWSSL.html
> ( Because US regulations on encryption .. )
>
> i'd be really happy if someone just told me how to fix OpenSSL demos/
Hello,
I would like to know if anybody can help me about using smart card readers
with an openssl based web application.
I want to generate the keys in the smart card (client computer), transmit a
certificate signed request to my CA sever that signs it automatically and
import it back into the sm
Aslam,
Is this what you are looking for?
http://www.openssl.org/docs/apps/pkcs7.html#
- Original Message -
From: "Aslam" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 28, 2001 1:08 AM
Subject: PKCS#7 support in openssl-0.9.6a
> Hi,
>
> Is there any documentation
Hi,
I've written a small test program to experiment with OpenSSL and have
come across a deadlock. The deadlock occurs when I invoke the
SSL_use_PrivateKey_file twice for two different SSL* objects. The
deadlock occurs on the second call to SSL_use_PrivateKey_file. I'm
using OpenSSL v0.9.5a
Hi,
Is there any documentation about the pkcs#7 support in openssl.
Any help is much more apriciated.
Thanks
Aslam
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On Fri, Apr 27, 2001 at 09:51:07AM -0400, George Lind wrote:
> Within the verify callback function X509_STORE_CTX_get_error(ctx) returns a
> 26 which is "unsupported certificate purpose". The callback function than
> checks the verify depth. Since this is within the depth range the
> certificate
Hi,
> Well the key sizes are fixed in the TLS/SSL standards. If you change
> them the server and client is broken and no longer compliant.
True. But just to test the proof of concept, it would be O.K.
> You could use an experimental ciphersuite number for a new ciphersuite
> which would then on
Situation: Need to be able to generate Client Certificates for users in
order to use SSLVerifyClient 2.
I cannot successfully connect the first user to the server (after
I figure out how to connect first client, the rest will be easy)
Here are the details:
Apache/1.3.19 Ben-SSL/1.42 (Unix)
OpenSS
Within the verify callback function X509_STORE_CTX_get_error(ctx) returns a
26 which is "unsupported certificate purpose". The callback function than
checks the verify depth. Since this is within the depth range the
certificate is "OK". What exactly does that error message mean and why is
the
> 1. It uses the (deprecated) subjectUniqueID field, there's nothing
> strictly speaking wrong with that but it is a BIT STRING used to wrap
> another structure, specifically:
>
> 0:d=0 hl=2 l= 28 cons: SEQUENCE
> 2:d=1 hl=2 l= 5 prim: OBJECT:1.2.886.1.1
> 9:d=1 hl=2
Francis DeLaMaza wrote:
>
> Greg,
>
> Based on what I've discovered so far, and your feedback, it seems that the
> best approach is to tweek the default keylegth of the RC4/SHA ciphersuite.
> This cipher method comes standard under SSL v3/TLS1 at 56-bit and 128-bit
> functionality.
>
> It doe
Please don't send me personal copies. The list is the best place to go.
On Fri, Apr 27, 2001 at 05:27:52PM +0530, Siva wrote:
> Case I :
> I have a SSL server and SSL client program.I am able to
> communicate between SSL Server and SSL Client perfectly using the
> certificates created in
Hi,
Can anyone help me solving the
following problem.
Case I :
I have a SSL server and SSL
client program.I am able to
communicate between SSL Server and SSL Client
perfectly using the
certificates created in Linux box.
Case II :
When I use ' openSSL's
s_server
Dear all,
Instead of using RedHat 7.1 openldap rpm, I wanna build the program by
source:
program used:
- openssl-0.9.6a
- openldap-2.0.7
I using the following config:
# env CPPFLAGS="-I/usr/local/ssl/include" LIBS="-L/usr/local/ssl/lib" \
./configure --with-tls -with-cyrus-sasl --with-ldbm-ap
One example of how to get
https or http is simply in the code of ocsp.c in the apps
directory.
The apps/ocsp.c code initialized optionally a normal or ssl
connection. Then you just send your http data stream into
it.
if you want to add proxy support for ssl: Use the proxy host
instaed, and
>From: "Vadim Fedukovich" <[EMAIL PROTECTED]>
> w3c-wwwlib from www.w3c.org
wwwlib examples don't work with https, all i found was this:
http://www.w3.org/Library/src/SSL/WWWSSL.html
( Because US regulations on encryption .. )
i'd be really happy if someone just told me how to fix OpenSSL d
On Thu, Apr 26, 2001 at 03:02:35PM -0400, George Lind wrote:
> I am having a problem with the server I wrote, which is doing client
> authentication. The server is getting the following error on the
> SSL_accept() call:
> 140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned.
>
Underscore is not a valid character for PRINTABLESTRING's, however it is for
IA5STRING. It seems that keytool has encoded the component of the name that
contains the underscore as a PRINTABLESTRING, and therefore has produced an
illegal ASN.1 encoding. Perhaps you should avoid using the undersco
Hi!
It's the same as using plain connection... The difference is that the
connection between client and server is encrypted...
Uro Gaber
PowerCom Gaber & Globocnik d.n.o.
http://www.powercom-si.com
eMail: [EMAIL PROTECTED]
Tel: 01/724-84-26 -- +386-1-7248426
Fax: 01/724-84-27 -- +386-1-7248427
37 matches
Mail list logo