Re: howto? SSL+SMTP+IMAP+POP3

2001-08-28 Thread Averroes
Hi Olaf et Al. Use this command line with your settings. It should work since in my LX box it works with Netscape/OutLook! openssl pkcs12 -export -inkey hostKey.pem \ -in hostCert.pem -name soggy \ -certfile caCert.pem -caname Root CA \

RSA Digital Signature questions

2001-08-28 Thread Hellan,Kim KHE
I'm looking for an example of an RSA Digital Signature Using Hash Function (text followed by the signature). Does anyone know where to find a more technical description of such a signature (like the ASN.1 syntax)? Does anyone have a sample of such a signature including the public key to verify

Certificate Verification Error in OpenSSL

2001-08-28 Thread MAHAPATRA,ARIJIT (A-India,ex1)
Hi folks, I have built the OpenSSL-engine code(0.9.6.b) in my Windows NT machine. I'm basically interested in creating a new CA,creating a Certificate and signing and verifying that Certificate. All seems fine except that I'm not able to verify the Certificate which I'm creating(from command line

Re: no authentication vs plaintext+TLS

2001-08-28 Thread Lutz Jaenicke
On Mon, Aug 27, 2001 at 06:23:30PM -0700, chirs charter wrote: Hello, Can someone elaborate on these two log entries: Aug 27 21:22:12 catfish imapd[3449]: [ID 781445 local6.notice] starttls: TLSv1 with cipher RC4-MD5 (128/128 bits) no authentication Aug 27 21:22:14 catfish imapd[3449]:

[OT] Rabin-Miller test for primes

2001-08-28 Thread Sisyphus
Hi, I have 2 almost identical accounts of the Rabin-Miller test. One is in Schneier's 'Applied Cryptography' and the other is at http://mason.gmu.edu/~kgaj/ECE590/spec/dong.html ( from a Google search). I can follow the procedure quite well, except for the role of the variable 'j', which has no

Re: RSA Digital Signature questions

2001-08-28 Thread Vadim Fedukovich
hi Kim, On Tue, 28 Aug 2001, Hellan,Kim KHE wrote: I'm looking for an example of an RSA Digital Signature Using Hash Function (text followed by the signature). Probably the most relevant data structure is PKCS7 Signed. Does anyone know where to find a more technical description of such a

Generation of des_key_schedule for DES/3DES encryption.

2001-08-28 Thread Prasanna Rao K
Hi, I have gone through some implementations of DES/3DES and found that the des_key_schedule is generated just before the data is given to the encryption API. I have got some clarifications and I would be thankful if somebody could clarify these: 1. Isn't it advisable to generate the

RE: [OT] Rabin-Miller test for primes

2001-08-28 Thread Thomas Bätzler
Hi, Sisyphus [SMTP:[EMAIL PROTECTED]] asked: I have 2 almost identical accounts of the Rabin-Miller test. One is in Schneier's 'Applied Cryptography' and the other is at http://mason.gmu.edu/~kgaj/ECE590/spec/dong.html ( from a Google search). I can follow the procedure quite well, except

Re: [OT] Rabin-Miller test for primes

2001-08-28 Thread Sisyphus
You have read up to step 5? :-) HTH, Thomas Thanks, Thomas - the penny has finally dropped. I just have to loop through steps 4 and 5, incrementing j for as long as jb. Dunno why I couldn't see that - been looking at it for long enough. Cheers, Rob

Re: Example of OpenSSL Multithreading

2001-08-28 Thread Dima Volodin
On Mon, 27 Aug 2001 14:50:39 -0400, you wrote: unsigned long SSL_pthreads_thread_id(void) { unsigned long ret; ret=(unsigned long)pthread_self(); return(ret); } The return type of pthread_self(), pthread_t, is not necessarily a type castable to unsigned long, which makes this

Re: RSA Digital Signature questions

2001-08-28 Thread Greg Stark
The place to start for the ASN.1 for such beasts is usually the PKCS site, (http://www.rsalabs.com/pkcs/index.html). Look at PKCS#1 and PKCS#7. Greg Stark [EMAIL PROTECTED] - Original Message - From: Hellan,Kim KHE [EMAIL PROTECTED] To:

Re: problems with connection

2001-08-28 Thread Greg Stark
Why do you think it is a problem? IE tends to do things differently than Netscape ;). For a number of reasons, IE will close a connection after the handshake, and then reconnect. It shouldn't cause any problems. Greg Stark [EMAIL PROTECTED] -

Re: STARTLS falling back to version 1?

2001-08-28 Thread Kari Hurtta
[ On info-cyrus: ] I am seeing strange behavior with STARTTLS falling back to version 1 with outlook clients however when I connect from localhost using openssl client command it appears ready to do business using version 3. I am using Cyrus 2.0.16 and OpenSSL 0.9.6 and am using Outlook as

[Crypt::SSLeay] on solaris: broken pipe

2001-08-28 Thread franck P.
Hi there, running perl 5.004_04 on Solaris 2.6, SPARC, OpenSSL 0.9.6, I have installed Crypt-SSLeay-0.29. No compilation problem (except for another module: libwww-perl-5.5395). After some test, everything goes fine. But, I have tried to connect to a running machine which has NO Web server

Re: Example of OpenSSL Multithreading

2001-08-28 Thread Rich Salz
/*** if (tid == 0) this check was a bad idea, for further discussion of weak memory models and aggressive optimization techniques you are welcome to comp.programming.threads ***/ Been there, done that, and you're

Re: Example of OpenSSL Multithreading

2001-08-28 Thread Dima Volodin
On Tue, 28 Aug 2001 12:13:40 -0400, you wrote: /*** anyway, pthread_once is not too good either - something like a C++ constructor on a global static variable would be much better ***/ pthread_once(tid_once, init_openssl_tid); That's not portable -- go look at the

can we prevent export of a personal certificate?

2001-08-28 Thread werner fraga
we are using openssl to issue personal certificates to our employees so that we can restrict access to our website. we would like to prevent users from moving these certs from their PC to another PC. is there any way to tag these certificates so that a browser will refuse to export them?

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Rich Salz
is there any way to tag these certificates so that a browser will refuse to export them? no. -- Zolera Systems, Your Key to Online Integrity Securing Web services: XML, SOAP, Dig-sig, Encryption http://www.zolera.com

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Dr S N Henson
werner fraga wrote: we are using openssl to issue personal certificates to our employees so that we can restrict access to our website. we would like to prevent users from moving these certs from their PC to another PC. is there any way to tag these certificates so that a browser

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Shane Titus
You should set up your server to do a man-in-the-middle attack defense. Check that the ip address stored in the cert (could be stored in the common name field) corresponds to the ip address of the peer trying to connect to your server. That way someone elsewhere using an exported certificate

Re: [Crypt::SSLeay] on solaris: broken pipe

2001-08-28 Thread Joshua Chamas
franck P. wrote: Hi there, running perl 5.004_04 on Solaris 2.6, SPARC, OpenSSL 0.9.6, I have installed Crypt-SSLeay-0.29. No compilation problem (except for another module: libwww-perl-5.5395). After some test, everything goes fine. But, I have tried to connect to a running

Re: IP renaming problem...

2001-08-28 Thread Greg Stark
--redirected to -users I think that is how it should work. I see no reason why another DNS lookup should be made after the first one. I assume that a gethostbyname() is called once. BTW, your random seeding is totally insecure, but you probably already know that. Greg

Re: IP renaming problem...

2001-08-28 Thread Rich Salz
Unfortunately, the OpenSSL wrapper around gethostbyname caches lookup results forever, so you'll need to restart your application. I know you said you can't do that. Good luck figuring out how to address this. Infinite caching of gethostbyname() results is a bug, so I added -dev back to the

SSLEAY32

2001-08-28 Thread Andrew Finnell
I have come across a problem I'm not quite sure how to fix. I use d2i_x509 in one of my applications. When I compile on NT I can't find any libssl.lib or libcrypto.lib files all I find is ssleay32.lib so I link against that. It comes up with an undefined symbol _d2i_x509.

Crypt::SSLeay - OpenSSL glue that provides LWP https support

2001-08-28 Thread Szeto, Paul
Hello, I am looking to build the SSL module on perl 5.6.1 on a HPUX 10.20 platform. Can somebody give me some advice as to what version I should use? where I should go to get it? Any specific steps involved? Thanks in advance, Paul Szeto Unix Systems Group Merck-Medco * FRLN#60 *

Re: can we prevent export of a personal certificate?

2001-08-28 Thread werner fraga
steve wrote: Do you mean 'private keys'? Certificates are public knowledge and can't be restricted in that way. What OS is this for, if windows then you can for MSIE but it depends on how you import the certificates in the first place. i think i mean 'certificates', as in

RE: SSLEAY32

2001-08-28 Thread Andrew Finnell
Yes but for some reason d2i_x509 is not exported by ssleay32 nor libeay32.lib. That is what I'm trying to figure out. I link with both of the libraries and call d2i_x509 in one of my methods and during linking I get an undefined symbol for d2i_x509 - Andrew

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Greg Stark
What you are referring to is in fact the private key information and not just the public certificate. I don't know of any way to stop a mozilla user from doing the backup, I'm just not that familiar with mozilla. For IE and if you are using one of the MS providers, the default is to disallow

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Kenneth R. Robinette
From: Greg Stark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject:Re: can we prevent export of a personal certificate? Date sent: Tue, 28 Aug 2001 17:40:31 -0400 Send reply to: [EMAIL PROTECTED] If they are using the

Re: SSLEAY32

2001-08-28 Thread Greg Stark
Hmm.. Looking at my libeay32, I have a d2i_X509, but no d2i_x509. Perhaps your code just has a typo, and you meant to use the upper case X? Greg Stark[EMAIL PROTECTED] - Original Message - From: Andrew Finnell To:

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Oliver Bode
is there any way to tag these certificates so that a browser will refuse to export them? If importing p12's into MSIE don't select the option on the browser that says Mark private keys as exportable if using pkcs7 on the MSIE html request form set the GenKeyFlags to 1. On Netscape you can't