How do you generate a CRL with the openssl tool?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Hi
Has anyone seen this error before.
I'm compiling on nt4 with ms visual C++ 5/6
The method that i call:
int X509CTX_verify_callback(int ok, X509_STORE_CTX *ctx)
{;}
The Call:
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, X509CTX_verify_callback);
Hello!
I'm some questions
1)
int verify_callback(int ok, X509_STORE_CTX *ctx);
Does this function make the verification of the certificate received
with the certificate of the his CA?
2) How I can generate a store of certificates?
Thanks in advance,
Regards,
Antonio.
--
Hello,
I have a question using certificates when using client authentication on
server side.
Normally the client's X509 certificate is stored on the local harddisk and
SSL_CTX_use_certificate_file is used to tell the library were it can be
found, is that right ?
Is it possible to 'forward' an
Hi,
me again :-) I'm running into serious problems when trying to connect to a
server which does know nothing about SSL.
I.e. connecting to a telnet server with the following code snippet seems to
run into an infinite loop.
---
SSL_METHOD* pSSLMeth;
X509* pcrtCertificate;
//
On Wed, May 02, 2001 at 04:28:39PM +0200, Ed Voncken wrote:
My question is:
- How do I configure OpenSSL for PRNGD (either UNIX or TCP socket)
I could not find a ./Configure option to specify an interface to PRNGD;
I assume that it is a compile-time issue.
As of now (OpenSSL 0.9.6a), the
Hi Steve!
It's good to hear from you (and reassuring to have you in the family)!
A GPK card (for example) can handle PKCS#1 operations, at least it says
so in the documentation, but I haven't been able to find any local
experts who advocate doing anything aside from Private key decrypt,
sign,
Greetings,
I am working on a program that will be used in every country. The application
will NOT use any encryption and just use crypto libraries for digital
signatures.
It has been suggested that we use RSA for digital signatures. Is this a good
idea? What is the state of the world in
Ahem. Apologies for that, again that was an e-mail intended for Dr.
Henson only and not intended to spam everyone else on the list.
What are the chances that we can get that reply-to field changed?
--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--
Gila Monstre
The SSL_CTX_set_timeout() function does not do what you want. It sets the
lifetime of an SSL session, which is the period during which you can reuse
the pre-master secret and avoid expensive public key crypto ops.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
I have been able to successfully implement the following sequence of events
when:
a) Both the Client and the Server are using the MS Crypto API.
b) Both the Client and the Server are using OpenSLL.
On the Client:
1) Generate a Public/Private Key Pair.
2) Export the Public Key.
3) Transmit the
My guess is that you have a big-endian/little-endian
problem. When I wanted to get CAPI to interoperate with the
encryption functions provided by RSA's Crypto-C toolkit I had
to byteswap the key values before the could be imported into
the other API.
-Original Message-
From:
idea? What is the state of the world in regard to crypt laws? Can we
For a good overview of international crypto laws take a look at
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
Regards
Ulf
Ulf Leichsenring
Lufthansa Systems AS GmbH
Schützenwall 1
Yes, that is exactly what you need to do, unless you plan to reverse
engineer Microsoft's proprietary private key storage encryption mechanism.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
Ed,
I'd try this freeware package:
http://www.cosy.sbg.ac.at/~andi/
It works great and it delivers better entropy than the typical entropy seed
file needed without it. I've built a couple of packages ready for install,
which can be downloaded at:
Jamshid Shoghli [EMAIL PROTECTED] in epsilon.openssl.dev:
I am trying to generate certificates with public exponent of the public key
with value 244 or higher,
RSA_generate_key(bits, exp, NULL, NULL);
where bits is 1024, and exp is 244.
But this call never comes back. I tried with
I'm trying to write a sample server under VMS using OpenSSL.
The client is in Phaos' SSLava on a Solaris machine.
My server program is sort of stuck in SSL_accept function: it returns
WANTS_READ code. The client is waiting.
Any thoughts?
I've already tried OpenSSL s_server: it works but (!)
The CN of the certificate must match the hostname you entered into Outlook
and OE's imap configuration. In other words, if you told Outlook the name of
the IMAP server is imap.blahblah.com, then the cert must have a CN of
imap.blahblah.com. If you put 1.2.3.4 in Outlook, the the CN must say
You can add the second CN in the config file, something like
1.CN=CN#1
1.CN_default=127.0.0.1
2.CN=CN#2
2.CN_default=localhost
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Olivier Wegria [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 23, 2001 1:21 PM
Subject:
I note that openssl supports DSA with more than 1024
bits. I've also seen several other vendors who claim
2048 bit DSA support.
This leads me to wonder:
1) Since the DSS specifies 512-1024 bits, how are
these extentions calculated? And are the various
vendor implementations interoperable?
I
I donot see AES support in the crypto library. Are we going to have that
soon ?
Thanks,
Imran Badr.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
If I use the code below to encrypt and decrypt it doesn't always produce the
same results. The majority of the time it works but I can't find anything
explaining why it doesn't work 100% of the time.
void EnDe(unsigned char *buf)
{
RC4_KEY key;
unsigned char keys[17] =
Not like this is a deadly sin, but it would be nice if the following bug
were fixed. The $rnsf variable yields a warning from perl -w on the
following line, when a blank
or false $rn_seed_file is passed:
unless ($rnsf || -r $Net::SSLeay::random_device || $seed || || -S
$egd_path) {
--
On Wed, 2 May 2001 [EMAIL PROTECTED] wrote:
If I use the code below to encrypt and decrypt it doesn't always produce the
same results. The majority of the time it works but I can't find anything
explaining why it doesn't work 100% of the time.
void EnDe(unsigned char *buf)
{
Hello:
Best of the evening to you.
How can we get detailed instructions on how to install Open SSL? We
would appreciate any assistance that can be made available. We were
told that this would work only on a unix box, but apparently not looking
at your page
In the 'dsaparam' manual the following parameter is described ...
numbits
this option specifies that a parameter set should be
generated of size numbits. It must be the last option.
If this option is included then the input file (if
any) is
Vivian Cancio [EMAIL PROTECTED] writes:
In the 'dsaparam' manual the following parameter is described ...
numbits
this option specifies that a parameter set should be
generated of size numbits. It must be the last option.
If this option is included
27 matches
Mail list logo