I am compiling OpenSSL on Windows 2000.
I read "INSTALL.W32" that came with the source. I had a
successful compile using Mingw32. Further down in "INSTALL.W32"
I see the following note...
"libcrypto.a and libssl.a are the static libraries. To use the
DLLs,
link with libeay32.a and libssl32.a inste
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
Problem:
I am in the following situation:
I have generated a CA using openssl.
I have a smart card containing a private key.
How do I generate a certificate request based on an already existing
certificate containing the public key which is cor
On Tue, Nov 12, 2002, Henry E. Thorpe wrote:
> Question:
>
> Is there a standard for how the e-mail address is supposed to be
> contained in the Subject or Alternative name extension of an x509
> certificate?
>
> We have some folks trying to set up a PKI using a Microsoft
> Certificate server.
Can someone please confirm for me that, by default, OpenSSL never requests a
renegotiation and that if you want it to initiate a renegotiation, you have
to specify a timeout or byte count.
DS
--
David Schwartz
<[EMAIL PROTECTED]>
_
In message <002301c28b72$8d1d1060$142c2e04@internet> on Wed, 13 Nov 2002 16:12:32
-0800, "marcus.carey" <[EMAIL PROTECTED]> said:
marcus.carey> Exactly what are you testing, installation, routines etc.
Tests that need to be performed:
- configuration and build
- test suite
- installation (be wi
Richard
Exactly what are you testing, installation, routines etc.
I have RH Linux on i686, Windows 2000 Server and Windows Professional.
Marcus
- Original Message -
From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, Nov
At 11:42 14.11.2002 +1300, you wrote:
On Wed, Nov 13, 2002 at 09:35:47AM +0100, Karl-Michael Werzowa wrote:
> letters, etc. (If you use an Ö or Ä it may be easy, but what about
> hungarian, slovak, croatian characters? How to type these? Do you know the
> possible transcripts?)
> The best way seem
As we're starting up our release process again, we'd need to have as
many as possible test the latest snapshots for us. I can personally
cover Debian GNU/Linux on i386.
--
0.9.6h:
One of the upcoming releases will be 0.9.6h (basically to fix all bugs
that have been f
On Wed, Nov 13, 2002 at 09:35:47AM +0100, Karl-Michael Werzowa wrote:
> letters, etc. (If you use an Ö or Ä it may be easy, but what about
> hungarian, slovak, croatian characters? How to type these? Do you know the
> possible transcripts?)
> The best way seems to be to have an ascii transcript and
Lin
No I am not an OpenSSL developer. However I have built several server and
client applications using OpenSSL.
The the following code works with IE 5.0 and the simple client program I
sent you.
BIO_puts(io,"HTTP/1.1 100 Continue\r\n");
BIO_puts(io,"Server: Microsoft-IIS/5.0\r\n");
BIO_puts
Oops, I'm not an expert on mbeans, etc. so I'm not wasn't sure what all you needed
Here's what we're using
for the tomcat-service.xml file.
(I've 'd out the private pieces.) The keystore is located in the
jboss/server/default/conf/ directory.
I would seriously recommend upgrading y
> Presumably the point of this exercise is to be able to analyze normally
> encrypted traffic.
That's what I thought when I first read your problem description.
IMHO, you're going at this the wrong way. Set up a second box running
snort. Set it up to read the encrypted traffic... and use a decr
On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:
> I have a client program using Openssl to send request to and receive
> response from a web server. SSL_read hangs if the web server sends the
> following headers.
>
> The following is the header dump without SSL. I think the problem is the
If it's RedHat, AFAIK we have the following situation and the following fix.
0.9.5b is libcrypto.so.0 and libssl.so.0
0.9.6 is libcrypto.so.1 and libssl.so.1
0.9.6b is libcrypto.so.2 and libssl.so.2
Recreate these symlinks:
ln -s /usr/local/ssl/lib/libcrypto.so /usr/lib/libcrypto.so.
Hi Experts:
THANKS to Mr. Lance for his reply.
I tried to modify my /jboss/server/default/deploy/tomcat4-service.xml file
as shown below:
--
verbosityLevel = "
Mike Alberghini <[EMAIL PROTECTED]> writes:
> On Wed, Nov 13, 2002 at 04:24:38PM -0300, Alejandro Rusell wrote:
> > I don't know of any option in the clients (browsers) that support
> > your scenario.
> >
> > BTW, what do you mean with "analyze unencrypted network traffic"?
> > Should it be "encr
In message <[EMAIL PROTECTED]> on Wed, 13 Nov
2002 14:43:49 -0500, "John d'Alelio" <[EMAIL PROTECTED]> said:
jdalelio> does anyone know why these files no longer appear in the distribution? They
jdalelio> were in the openssl-0.9.6b-11 version but not in openssl-0.9.6b-29 version.
I think you're
On Wed, Nov 13, 2002 at 04:24:38PM -0300, Alejandro Rusell wrote:
> I don't know of any option in the clients (browsers) that support
> your scenario.
>
> BTW, what do you mean with "analyze unencrypted network traffic"?
> Should it be "encrypt/protect unencrypted network traffic"?
We have a web
does anyone know why these files no longer appear in the distribution? They
were in the openssl-0.9.6b-11 version but not in openssl-0.9.6b-29 version.
John d'Alelio
Sr System Engineer
Psynapse Technologies LLC
Washington D.C. 20007
__
On Wednesday 13 November 2002 12:17 pm, you wrote:
>
> $ openssl x509 -noout -modulus -in server.cert | openssl md5
> unable to load certificate
> 26567:error:0906D066:PEM routines:PEM_read_bio:bad end
> line:pem_lib.c:762:
> d41d8cd98f00b204e9800998ecf8427e
D'oh! An unfaithful cut-n-paste added
The former supports several external cryptographic accelerator cards, and
the latter does not. Otherwise, the two versions are the same.
Lynn Gazis
Rainbow Technologies
-Original Message-
From: ANKIT K SHAH [mailto:anshah@;us.ibm.com]
Sent: Wednesday, November 13, 2002 11:01 AM
To: [EMAI
This sounds like it could be handled by a reverse proxy setup to me.
I'm pretty sure Apache Web Server can do this (see the
ProxyPass/ProxyPassReverse|| directives).
-- Tim
We are trying to set up a system where a server can act as a proxy for
http, while automaticaly encrypting all proxied co
Presumably the point of this exercise is to be able to analyze normally
encrypted traffic. It would be easier to write a proxy that simply
negotiated with the server as a client and with the browser as a server.
Sure, the browser would detect that the "server" certificate was incorrect
(actually a
Hello,
I don't know of any option in the clients (browsers) that support your scenario.
You could use stunnel (www.stunnel.org), and that could work perfect, but you will
have to install one instance of stunnel client on each workstation. Technically, it
is possible to encrypt the channel to t
Hari,
You'll probably want to edit Tomcat's server.xml and add/modify a couple
Connector specifications inside the Service spec, such as the following.
(Now, I'm using Tomcat 4.0.6 with JBoss 3.0.4, so for me this file is actually
the $JBOSS_HOME/server/default/deploy/tomcat4-service.xml file.)
I just received a new cert from Verisign via email for use in Apache
1.3.27 with mod_ssl-2.8.12-1.3.27 and openssl 0.9.6g. When I
cut-n-paste it into a file (server.cert) and attempt to verify it
matches the server key and CSR by comparing md5 sums, I get the
following error:
$ openssl x509
Hello all,
What is the difference between
openssl-engine-0.9.6g.tar.gz
and
Great, thanks!
Nils Larsch wrote:
> Hi Frank,
>
> Frank wrote:
> > Marcus,
> > Thanks. But that example is a little confussing. First what type of
> > signature are you doing, RSA, DSA?
>
> If your are using the EVP_Sign{Init|Update|Final} functions (as in demos/
> sign/sign.c) the type of
Hi Frank,
Frank wrote:
> Marcus,
> Thanks. But that example is a little confussing. First what type of
> signature are you doing, RSA, DSA?
If your are using the EVP_Sign{Init|Update|Final} functions (as in demos/
sign/sign.c) the type of the signature (RSA, DSA, ECDSA) is specified
by the
To avoid this, you must:
1) remove the passphrase from the certificate
or
2) write a script to feed the passphrase at startup
This is in the FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31
rgds,
Owen Boyle
>-Original Message-
>From: fabien POILLIOT [mailto:fabien.POILLIOT@;orac
You can use OpenSSL0.9.6g.
Detailed instructions are given in 'INSTALL' file, located in directory
where you extracted the openssl archive.
- Sunil
-Original Message-
From: Deng Lor [mailto:deng_lor@;hotmail.com]
Sent: Tuesday, November 12, 2002 10:51 PM
To: [EMAIL PROTECTED]
Subject: Un
31 matches
Mail list logo